CVE-2015-7705

Published: 07/08/2017 Updated: 17/11/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The rate limiting feature in NTP 4.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77 allows remote malicious users to have unspecified impact via a large number of crafted requests.

Vulnerable Product

ntp ntp

ntp ntp 4.2.8

netapp oncommand performance manager -

netapp oncommand unified manager -

netapp clustered data ontap -

netapp data ontap -

citrix xenserver 6.0.2

citrix xenserver 6.2.0

citrix xenserver 6.5

citrix xenserver 7.0

siemens tim_4r-ie_firmware

siemens tim_4r-ie_dnp3_firmware

Vendor Advisories

Several security issues were fixed in NTP ...
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests ...
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2 ...
Description of Problem: Several security issues have been identified within Citrix XenServer. These issues could, if exploited, allow an authenticated administrator to perform a denial-of-service attack against the host, even when that administrator has a less-privileged RBAC role (e.g. read-only). In addition, the issues could permit an attac ...

References

CWE-20
https://www.kb.cert.org/vuls/id/718152
https://www.cs.bu.edu/~goldbe/NTPattack.html
https://eprint.iacr.org/2015/1020.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=1274184
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit
http://support.ntp.org/bin/view/Main/NtpBug2901
https://security.gentoo.org/glsa/201607-15
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839
http://www.securityfocus.com/bid/77284
http://www.securitytracker.com/id/1033951
https://security.netapp.com/advisory/ntap-20171004-0001/
https://support.citrix.com/article/CTX220112
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html
http://www.ubuntu.com/usn/USN-2783-1
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded
https://bto.bluecoat.com/security-advisory/sa103
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
http://www.securityfocus.com/archive/1/536796/100/0/threaded
http://www.securityfocus.com/archive/1/536737/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016
https://nvd.nist.gov
https://usn.ubuntu.com/2783-1/