Published: 23/06/2009 Updated: 24/06/2009

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

GUPnP 0.12.7 allows remote malicious users to cause a denial of service (crash) via an empty (1) subscription or (2) control message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gupnp gupnp 0.12.7

Debian Bug report logs - #534594 CVE-2009-2174: denial of service (crash) via an empty (1) subscription or (2) control message Package: gupnp; Maintainer for gupnp is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Thu, 25 Jun 2009 1 ...

source: wwwsecurityfocuscom/bid/35390/info GUPnP is prone to a vulnerability that remote attackers may exploit to cause denial-of-service conditions Versions prior to GUPnP 0128 are affected ======== ACTION MESSAGE ========== POST /Dimming/Control HTTP/11 SOAPAction: "urn:schemas-upnp-org:service:Dimming:1#GetLoadLevelStatus" Host ...

NVD-CWE-Other http://secunia.com/advisories/35482 http://www.vupen.com/english/advisories/2009/1597 http://git.gupnp.org/cgit.cgi?url=gupnp/tree/NEWS&id=ce714a6700ce03953a2886a66ec57db59205f4e6 http://secunia.com/advisories/35472 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00494.html http://www.osvdb.org/55128 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00607.html http://www.securityfocus.com/bid/35390 http://bugzilla.openedhand.com/show_bug.cgi?id=1604 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534594 https://nvd.nist.gov https://www.exploit-db.com/exploits/33040/

CVE-2009-2174

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect