9.8

CVE-2015-7705

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version >= 4.2.0 < 4.2.8
NtpNtp Version >= 4.3.0 < 4.3.77
NtpNtp Version4.2.8 Update-
NtpNtp Version4.2.8 Updatep1
NtpNtp Version4.2.8 Updatep1-beta1
NtpNtp Version4.2.8 Updatep1-beta2
NtpNtp Version4.2.8 Updatep1-beta3
NtpNtp Version4.2.8 Updatep1-beta4
NtpNtp Version4.2.8 Updatep1-beta5
NtpNtp Version4.2.8 Updatep1-rc1
NtpNtp Version4.2.8 Updatep1-rc2
NtpNtp Version4.2.8 Updatep2
NtpNtp Version4.2.8 Updatep2-rc1
NtpNtp Version4.2.8 Updatep2-rc2
NtpNtp Version4.2.8 Updatep2-rc3
NtpNtp Version4.2.8 Updatep3
NtpNtp Version4.2.8 Updatep3-rc1
NtpNtp Version4.2.8 Updatep3-rc2
NtpNtp Version4.2.8 Updatep3-rc3
NetappOncommand Unified Manager Version- SwPlatformclustered_data_ontap
NetappData Ontap Version- SwPlatform7-mode
CitrixXenserver Version6.0.2
CitrixXenserver Version6.2.0 Update-
CitrixXenserver Version6.5 Update-
CitrixXenserver Version7.0
SiemensTim 4r-ie Firmware
   SiemensTim 4r-ie Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.35% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
Third Party Advisory
https://security.gentoo.org/glsa/201607-15
Third Party Advisory
VDB Entry
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
Third Party Advisory
US Government Resource
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
http://www.securitytracker.com/id/1033951
Third Party Advisory
VDB Entry
https://security.netapp.com/advisory/ntap-20171004-0001/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
https://www.kb.cert.org/vuls/id/718152
Third Party Advisory
US Government Resource
https://support.citrix.com/article/CTX220112
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://www.ubuntu.com/usn/USN-2783-1
https://www.cs.bu.edu/~goldbe/NTPattack.html
Not Applicable
http://support.ntp.org/bin/view/Main/NtpBug2901
Vendor Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit
Vendor Advisory
Release Notes
https://eprint.iacr.org/2015/1020.pdf
Technical Description
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839
Third Party Advisory
VDB Entry
https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016
http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html
http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
http://www.securityfocus.com/archive/1/536737/100/0/threaded
http://www.securityfocus.com/archive/1/536796/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded
http://www.securityfocus.com/bid/77284
Third Party Advisory
VDB Entry
https://bto.bluecoat.com/security-advisory/sa103
https://bugzilla.redhat.com/show_bug.cgi?id=1274184
Third Party Advisory
VDB Entry
Issue Tracking