CyberSec.Space Logo
返回 CVE 浏览器

CVE-2010-0359

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1750%
EPSS Percentile2.53th
Published2010年1月20日
Last Modified2026年4月23日

Vulnerability Description

Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.

Affected Platforms (CPE)

📦
Zeus

Zeus Web Server

= 4.3r5

References & Advisories

🔗 http://intevydis.blogspot.com/2010/01/zeus-web-server-ssl2clienthello.html
🔗 http://intevydis.com/vd-list.shtml
🔗 http://secunia.com/advisories/38056
🔗 http://securitytracker.com/id?1023465
🔗 http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES
🔗 http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
🔗 http://www.osvdb.org/61699
🔗 http://www.securityfocus.com/bid/37829

相关漏洞威胁

CVE-1999-088310.0

Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.

CVE-1999-08845.0

The Zeus web server administrative interface uses weak encryption for its passwords.

CVE-2000-01495.0

Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.

CVE-2010-03625.0

Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to s...