CVE-2010-0362

Published Jan 20, 2010

Last updated a month ago

CVSS info 5.0

Overview

Description: Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:*:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0CC1B4F-B527-4383-B16F-E392A0D0D8C2",
            "versionEndIncluding": "4.3"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF3C0DD2-15F8-4A76-BB8E-42988AA5751D"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE292E53-0183-41CB-89F5-A308DBE05AD2"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD6AE631-1E86-4F16-ACD6-044411F3E538"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90E93078-4EC7-43B4-AF14-77E25A37BC0C"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "657E0196-89B2-4C05-97FD-65D82C179FCB"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "572BEB5E-FD32-448D-BC98-D685C96FF438"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D0B0919-5BE8-41F3-9E37-61919D8A3D47"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95831344-1D83-4C78-9A88-6D1F855DA316"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2209F46D-CC66-4F92-A127-D910F1E94B47"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA8AE81E-74A4-4745-BB16-688B2F7B77E2"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9074BFE9-176E-43B7-AEC2-EE83A8AE0921"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:4.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D574A43D-E2A6-4BAF-803E-A7041B916A54"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC5B7188-066F-44B3-ADAF-AA937023A3DE"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:4.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECFC5BC3-8D90-4B23-8137-5810B879A5EF"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB434DD5-A283-4540-B5BD-55778D644696"
          },
          {
            "criteria": "cpe:2.3:a:zeus:zeus_web_server:4.3:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5B78529-94DF-4829-B779-DD0CDC3E81C1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References