CVE-2009-2954

EPSS 13.65%
Published 24.08.2009 15:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version <= 6.0.2900.2180

Microsoft ≫ Internet Explorer Version3.0

Microsoft ≫ Internet Explorer Version3.0.1

Microsoft ≫ Internet Explorer Version3.0.2

Microsoft ≫ Internet Explorer Version3.1

Microsoft ≫ Internet Explorer Version3.2

Microsoft ≫ Internet Explorer Version4.0

Microsoft ≫ Internet Explorer Version4.0.1

Microsoft ≫ Internet Explorer Version4.0.1 Updatesp1

Microsoft ≫ Internet Explorer Version4.0.1 Updatesp2

Microsoft ≫ Internet Explorer Version4.01

Microsoft ≫ Internet Explorer Version4.1

Microsoft ≫ Internet Explorer Version4.01 Updatesp1

Microsoft ≫ Internet Explorer Version4.5

Microsoft ≫ Internet Explorer Version4.40.308

Microsoft ≫ Internet Explorer Version4.40.520

Microsoft ≫ Internet Explorer Version4.70.1155

Microsoft ≫ Internet Explorer Version4.70.1158

Microsoft ≫ Internet Explorer Version4.70.1215

Microsoft ≫ Internet Explorer Version4.70.1300

Microsoft ≫ Internet Explorer Version4.71.544

Microsoft ≫ Internet Explorer Version4.71.1008.3

Microsoft ≫ Internet Explorer Version4.71.1712.6

Microsoft ≫ Internet Explorer Version4.72.2106.8

Microsoft ≫ Internet Explorer Version4.72.3110.8

Microsoft ≫ Internet Explorer Version4.72.3612.1713

Microsoft ≫ Internet Explorer Version5

Microsoft ≫ Internet Explorer Version5.0

Microsoft ≫ Internet Explorer Version5.0.1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp2

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp3

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp4

Microsoft ≫ Internet Explorer Version5.00.0518.10

Microsoft ≫ Internet Explorer Version5.00.0910.1309

Microsoft ≫ Internet Explorer Version5.00.2014.0216

Microsoft ≫ Internet Explorer Version5.00.2314.1003

Microsoft ≫ Internet Explorer Version5.00.2516.1900

Microsoft ≫ Internet Explorer Version5.00.2614.3500

Microsoft ≫ Internet Explorer Version5.00.2919.800

Microsoft ≫ Internet Explorer Version5.00.2919.3800

Microsoft ≫ Internet Explorer Version5.00.2919.6307

Microsoft ≫ Internet Explorer Version5.00.2920.0000

Microsoft ≫ Internet Explorer Version5.00.3103.1000

Microsoft ≫ Internet Explorer Version5.00.3105.0106

Microsoft ≫ Internet Explorer Version5.00.3314.2101

Microsoft ≫ Internet Explorer Version5.00.3315.1000

Microsoft ≫ Internet Explorer Version5.00.3502.1000

Microsoft ≫ Internet Explorer Version5.00.3700.1000

Microsoft ≫ Internet Explorer Version5.01

Microsoft ≫ Internet Explorer Version5.1

Microsoft ≫ Internet Explorer Version5.01 Updatesp1

Microsoft ≫ Internet Explorer Version5.01 Updatesp2

Microsoft ≫ Internet Explorer Version5.01 Updatesp3

Microsoft ≫ Internet Explorer Version5.01 Updatesp4

Microsoft ≫ Internet Explorer Version5.2.3

Microsoft ≫ Internet Explorer Version5.5

Microsoft ≫ Internet Explorer Version5.5 Updatepreview

Microsoft ≫ Internet Explorer Version5.5 Updatesp1

Microsoft ≫ Internet Explorer Version5.5 Updatesp2

Microsoft ≫ Internet Explorer Version5.50.3825.1300

Microsoft ≫ Internet Explorer Version5.50.4030.2400

Microsoft ≫ Internet Explorer Version5.50.4134.0100

Microsoft ≫ Internet Explorer Version5.50.4134.0600

Microsoft ≫ Internet Explorer Version5.50.4308.2900

Microsoft ≫ Internet Explorer Version5.50.4522.1800

Microsoft ≫ Internet Explorer Version5.50.4807.2300

Microsoft ≫ Internet Explorer Version6

Microsoft ≫ Internet Explorer Version6.0

Microsoft ≫ Internet Explorer Version6.00.2462.0000

Microsoft ≫ Internet Explorer Version6.00.2479.0006

Microsoft ≫ Internet Explorer Version6.0.2600

Microsoft ≫ Internet Explorer Version6.00.2600.0000

Microsoft ≫ Internet Explorer Version6.0.2800

Microsoft ≫ Internet Explorer Version6.0.2800.1106

Microsoft ≫ Internet Explorer Version6.0.2900

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.65%	0.936

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://websecurity.com.ua/3424/

http://www.securityfocus.com/archive/1/506006/100/0/threaded

https://nvd.nist.gov/vuln/detail/CVE-2009-2954

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2954

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2954

EUVD