CVE-2017-0280: Improper Input Validation in Corporation Server Block Message 1.0

Severity
5.9 MEDIUM (NVD)
EPSS
3.6%
top 12.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 12
Latest update: May 17

Description

The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (19 packages)

CVEListV5: microsoft_corporation/server_block_message_1.0
Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.

Patches

🔴 Vulnerability Details

6
GHSA
XMPP Clients User Impersonation Vulnerability in Movim Moxl (2022-05-17)
GHSA
GHSA-g5w5-8h24-v8qp: The Microsoft Server Message Block 1 (2022-05-14)
GHSA
GHSA-fvp7-487q-7m8q: The Microsoft Server Message Block 1 (2022-05-14)
GHSA
GHSA-m852-pj36-5xhg: The Microsoft Server Message Block 1 (2022-05-14)
GHSA
SleekXMPP and Slixmpp Incorrect Implementation of Message Carbons (2022-05-13)

📋 Vendor Advisories

1
Microsoft
Windows SMB Denial of Service Vulnerability (2017-05-09)

🕵️ Threat Intelligence

1
Talos
Microsoft Patch Tuesday - May 2017 (2017-05-10)

💬 Community

2
Bugzilla
CVE-2017-5593 psi-plus: User impersonation vulnerability (2017-02-10)
Bugzilla
CVE-2017-5591 python-sleekxmpp: User impersonation vulnerability (2017-02-10)