CVE-2015-2894

Published: 31/12/2015 Updated: 31/12/2015
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote malicious users to cause a denial of service (application crash) via format string specifiers.

Vulnerable Product

idera uptime infrastructure monitor 7.2

idera uptime infrastructure monitor 6.0

Recent Articles

Downtime for Up.Time: time to patch some bugs
The Register • Richard Chirgwin • 09 Dec 2015

Server crash monitor easy to crash

Popular sysadmin tool Up.Time from Idera software needs patching, with bugs exposing it to denial-of-service attacks and possible remote code execution. The bugs in the server monitoring tool (now known as Uptime Infrastructure Monitor), outlined by the Carnegie-Mellon CERT here, cover three CVEs: CVE-2015-2894, CVE-2015-2895 and CVE-2015-2896. The first of these is an uncontrolled format string, in Up.Time 6.0 and 7.2, allowing an attacker to crash the application by sending %n or %s as format ...