This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:wireshark:wireshark:0.10.13 |
| Detail | |||
|---|---|---|---|
| Vendor | Wireshark | First view | 2006-07-21 |
| Product | Wireshark | Last view | 2010-08-13 |
| Version | 0.10.13 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:wireshark:wireshark | ||
Activity : Yearly
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 10 | 2010-08-13 | CVE-2010-2995 | Network | Low | None Requ... | |
| 10 | 2010-08-13 | CVE-2010-2994 | Network | Low | None Requ... | |
| 8.3 | 2010-06-15 | CVE-2010-2287 | Adjacent ... | Low | None Requ... | |
| 3.3 | 2010-06-15 | CVE-2010-2286 | Adjacent ... | Low | None Requ... | |
| 3.3 | 2010-06-15 | CVE-2010-2285 | Adjacent ... | Low | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 8.3 | 2010-06-15 | CVE-2010-2284 | Adjacent ... | Low | None Requ... | |
| 9.3 | 2009-10-30 | CVE-2009-3829 | Network | Medium | None Requ... | |
| 4.3 | 2009-10-30 | CVE-2009-3550 | Network | Medium | None Requ... | |
| 10 | 2009-04-21 | CVE-2009-1266 | Network | Low | None Requ... | |
| 10 | 2009-04-01 | CVE-2009-1210 | Network | Low | None Requ... | |
| 5 | 2008-12-01 | CVE-2008-5285 | Network | Low | None Requ... | |
| 5 | 2008-09-04 | CVE-2008-3932 | Network | Low | None Requ... | |
| 4.7 | 2008-02-28 | CVE-2008-1072 | Local | Medium | None Requ... | |
| 4.3 | 2008-02-28 | CVE-2008-1071 | Network | Medium | None Requ... | |
| 5 | 2008-02-28 | CVE-2008-1070 | Network | Low | None Requ... | |
| 4.3 | 2007-11-23 | CVE-2007-6113 | Network | Medium | None Requ... | |
| 5 | 2007-06-25 | CVE-2007-3390 | Network | Low | None Requ... | |
| 5 | 2006-10-27 | CVE-2006-5595 | Network | Low | None Requ... | |
| 5 | 2006-10-27 | CVE-2006-5469 | Network | Low | None Requ... | |
| 5 | 2006-10-27 | CVE-2006-4805 | Network | Low | None Requ... | |
| 5 | 2006-10-27 | CVE-2006-4574 | Network | Low | None Requ... | |
| 5.4 | 2006-08-24 | CVE-2006-4333 | Network | High | None Requ... | |
| 5 | 2006-08-24 | CVE-2006-4332 | Network | Low | None Requ... | |
| 10 | 2006-07-21 | CVE-2006-3628 | Network | Low | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 35% (5) | CWE-399 | Resource Management Errors |
| 21% (3) | CWE-189 | Numeric Errors |
| 21% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14% (2) | CWE-134 | Uncontrolled Format String |
| 7% (1) | CWE-20 | Improper Input Validation |
CAPEC : Common Attack Pattern Enumeration & Classificatio
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| id | Name |
|---|---|
| CAPEC-13 | Subverting Environment Variable Values |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-28 | Fuzzing |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-42 | MIME Conversion |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-52 | Embedding NULL Bytes |
| CAPEC-53 | Postfix, Null Terminate, and Backslash |
| CAPEC-63 | Simple Script Injection |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-66 | SQL Injection |
| CAPEC-67 | String Format Overflow in syslog() |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
Oval Markup Language : Definitions
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:11307 | Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ether... |
| oval:org.mitre.oval:def:9175 | Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to ... |
| oval:org.mitre.oval:def:11801 | The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows rem... |
| oval:org.mitre.oval:def:9740 | Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ether... |
| oval:org.mitre.oval:def:10199 | epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wiresh... |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:9537 | Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ether... |
| oval:org.mitre.oval:def:14787 | AirPcap support vulnerability in Wireshark 0.99.3 |
| oval:org.mitre.oval:def:10865 | Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, a... |
| oval:org.mitre.oval:def:9841 | Integer signedness error in the DNP3 dissector in Wireshark (formerly Etherea... |
| oval:org.mitre.oval:def:14995 | SCTP dissector vulnerability in Wireshark 0.99.5 through 0.99.7 |
| oval:org.mitre.oval:def:11378 | The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 all... |
| oval:org.mitre.oval:def:14784 | SNMP dissector vulnerability in Wireshark 0.99.6 through 0.99.7 |
| oval:org.mitre.oval:def:11633 | The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 all... |
| oval:org.mitre.oval:def:10188 | The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, whe... |
| oval:org.mitre.oval:def:11273 | Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a... |
| oval:org.mitre.oval:def:11351 | Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of serv... |
| oval:org.mitre.oval:def:9526 | Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wiresha... |
| oval:org.mitre.oval:def:5976 | Wireshark PROFINET/DCP (PN-DCP) dissector Denial of Service Vulnerability |
| oval:org.mitre.oval:def:6005 | Wireshark DoS Vulnerability due to the DCERPC/NT dissector |
| oval:org.mitre.oval:def:10103 | The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through ... |
| oval:org.mitre.oval:def:9945 | Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote att... |
| oval:org.mitre.oval:def:5979 | Wireshark Integer overflow vulnerability in wiretap/erf.c |
| oval:org.mitre.oval:def:11888 | Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities |
| oval:org.mitre.oval:def:11488 | Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities |
| oval:org.mitre.oval:def:11792 | Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities |
Open Source Vulnerability Database (OSVDB)
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 67191 | Wireshark SigComp Universal Decompressor Virtual Machine sigcomp-udvm.c Off-b... |
| 65375 | Wireshark SigComp Universal Decompressor Virtual Machine Overflow |
| 65374 | Wireshark SigComp Universal Decompressor Virtual Machine Infinite Loop DoS |
| 65373 | Wireshark SMB PIPE Dissector NULL Dereference DoS |
| 65372 | Wireshark ASN.1 BER Dissector Overflow |
| id | Description |
|---|---|
| 59478 | Wireshark wiretap/erf.c Unsigned Integer Wrap ERF File Handling Overflow |
| 59460 | Wireshark DCERPC/NT Dissector Unspecified DoS |
| 53903 | Wireshark Unspecified Issue |
| 52996 | Wireshark PN-DCP Dissector Station Name Handling Format String |
| 50069 | Wireshark SMTP Dissector Packet Handling Infinite Loop DoS |
| 47932 | Wireshark NCP Dissector Unspecified Infinite Loop DoS |
| 42577 | Wireshark TFTP Dissector Malformed Packet Handling Remote DoS |
| 42576 | Wireshark SNMP Dissector Malformed Packet Handling Remote DoS |
| 42575 | Wireshark SCTP Dissector Malformed Packet Handling Remote DoS |
| 40456 | Wireshark DNP3 Dissector Malformed Packet Handling Remote Infinite Loop DoS |
| 37642 | Wireshark Crafted iSeries Capture File Handling Remote DoS |
| 30073 | Wireshark AirPcap Support WEP Key Processing DoS |
| 30072 | Wireshark MIME Multipart Dissector Off-by-one |
| 30071 | Wireshark WBXML Dissector Unspecified DoS |
| 30070 | Wireshark XOT Dissector Unspecified Resource Consumption DoS |
| 28199 | Wireshark Q.2931 Dissector Crafted Packet Remote DoS |
| 28198 | Wireshark DHCP Dissector w/ Glib Unspecified DoS |
| 27369 | Wireshark NTP Dissector Format String Flaw |
| 27364 | Wireshark XML Dissector Format String Flaw |
| 27363 | Wireshark MQ Dissector Format String Flaw |
Milw0rm Exploits
| id | Description |
|---|---|
| 2009-03-30 | Wireshark <= 1.0.6 PN-DCP Format String Exploit PoC |
| 2007-08-31 | Wireshark < 0.99.5 DNP3 Dissector Infinite Loop Exploit |
