CVE-2015-7705

EPSS 25%
Published 07.08.2017 20:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

Affected products Warnungen 0 Metrics 3 CWE 1 References 39

Data is provided by the National Vulnerability Database (NVD)

Ntp ≫ Ntp Version >= 4.2.0 < 4.2.8

Ntp ≫ Ntp Version >= 4.3.0 < 4.3.77

Ntp ≫ Ntp Version4.2.8 Update-

Ntp ≫ Ntp Version4.2.8 Updatep1

Ntp ≫ Ntp Version4.2.8 Updatep1-beta1

Ntp ≫ Ntp Version4.2.8 Updatep1-beta2

Ntp ≫ Ntp Version4.2.8 Updatep1-beta3

Ntp ≫ Ntp Version4.2.8 Updatep1-beta4

Ntp ≫ Ntp Version4.2.8 Updatep1-beta5

Ntp ≫ Ntp Version4.2.8 Updatep1-rc1

Ntp ≫ Ntp Version4.2.8 Updatep1-rc2

Ntp ≫ Ntp Version4.2.8 Updatep2

Ntp ≫ Ntp Version4.2.8 Updatep2-rc1

Ntp ≫ Ntp Version4.2.8 Updatep2-rc2

Ntp ≫ Ntp Version4.2.8 Updatep2-rc3

Ntp ≫ Ntp Version4.2.8 Updatep3

Ntp ≫ Ntp Version4.2.8 Updatep3-rc1

Ntp ≫ Ntp Version4.2.8 Updatep3-rc2

Ntp ≫ Ntp Version4.2.8 Updatep3-rc3

Netapp ≫ Oncommand Performance Manager Version-

Netapp ≫ Oncommand Unified Manager Version- SwPlatformclustered_data_ontap

Netapp ≫ Clustered Data Ontap Version-

Netapp ≫ Data Ontap Version- SwPlatform7-mode

Citrix ≫ Xenserver Version6.0.2

Citrix ≫ Xenserver Version6.2.0 Update-

Citrix ≫ Xenserver Version6.5 Update-

Citrix ≫ Xenserver Version7.0

Siemens ≫ Tim 4r-ie Firmware

Siemens ≫ Tim 4r-ie Version-

Siemens ≫ Tim 4r-ie Dnp3 Firmware

Siemens ≫ Tim 4r-ie Dnp3 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	25%	0.96

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

Third Party Advisory

https://security.gentoo.org/glsa/201607-15

Third Party Advisory

VDB Entry

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

Third Party Advisory

US Government Resource

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf