CyberSec.Space Logo
Back to CVE Browser

CVE-2010-0359

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1750%
EPSS Percentile2.53th
PublishedJan 20, 2010
Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.

Affected Platforms (CPE)

πŸ“¦
Zeus

Zeus Web Server

= 4.3r5

References & Advisories

πŸ”— http://intevydis.blogspot.com/2010/01/zeus-web-server-ssl2clienthello.html
πŸ”— http://intevydis.com/vd-list.shtml
πŸ”— http://secunia.com/advisories/38056
πŸ”— http://securitytracker.com/id?1023465
πŸ”— http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
πŸ”— http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
πŸ”— http://www.osvdb.org/61699
πŸ”— http://www.securityfocus.com/bid/37829

Related Vulnerabilities

CVE-1999-088310.0

Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.

CVE-1999-08845.0

The Zeus web server administrative interface uses weak encryption for its passwords.

CVE-2000-01495.0

Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.

CVE-2010-03625.0

Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to s...