This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summary | |
|---|---|
| CPE Name | cpe:/a:wireshark:wireshark:0.10.3 |

| Detail | | | |
|---|---|---|---|
| Vendor | Wireshark | First view | 2007-02-02 |
| Product | Wireshark | Last view | 2009-10-30 |
| Version | 0.10.3 | Type | Application |
| Edition | | | |
| Language | | | |
| Update | | | |
| CPE Product | cpe:/a:wireshark:wireshark | | |
Related : CVE
| Score | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 9.3 | 2009-10-30 | CVE-2009-3829 | Network | Medium | None Requ... |
| 4.3 | 2009-10-30 | CVE-2009-3550 | Network | Medium | None Requ... |
| 10 | 2009-04-21 | CVE-2009-1266 | Network | Low | None Requ... |
| 10 | 2009-04-01 | CVE-2009-1210 | Network | Low | None Requ... |
| 5 | 2008-12-01 | CVE-2008-5285 | Network | Low | None Requ... |
| 5 | 2008-10-22 | CVE-2008-4685 | Network | Low | None Requ... |
| 3.3 | 2008-09-04 | CVE-2008-3933 | Adjacent ... | Low | None Requ... |
| 5 | 2008-09-04 | CVE-2008-3932 | Network | Low | None Requ... |
| 4.3 | 2007-11-23 | CVE-2007-6113 | Network | Medium | None Requ... |
| 5 | 2007-06-25 | CVE-2007-3390 | Network | Low | None Requ... |
| 4.3 | 2007-02-02 | CVE-2007-0457 | Network | Medium | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 28% (2) | CWE-399 | Resource Management Errors |
| 28% (2) | CWE-189 | Numeric Errors |
| 28% (2) | CWE-20 | Improper Input Validation |
| 14% (1) | CWE-134 | Uncontrolled Format String |
CAPEC : Common Attack Pattern Enumeration & Classification
This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
| id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-13 | Subverting Environment Variable Values |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-28 | Fuzzing |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-42 | MIME Conversion |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-52 | Embedding NULL Bytes |
| CAPEC-53 | Postfix, Null Terminate, and Backslash |
| CAPEC-63 | Simple Script Injection |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-66 | SQL Injection |
| CAPEC-67 | String Format Overflow in syslog() |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:11003 | Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly... |
| oval:org.mitre.oval:def:10865 | Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, a... |
| oval:org.mitre.oval:def:9841 | Integer signedness error in the DNP3 dissector in Wireshark (formerly Etherea... |
| oval:org.mitre.oval:def:11273 | Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a... |
| oval:org.mitre.oval:def:9620 | Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause... |
| oval:org.mitre.oval:def:10788 | Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-... |
| oval:org.mitre.oval:def:11351 | Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of serv... |
| oval:org.mitre.oval:def:9526 | Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wiresha... |
| oval:org.mitre.oval:def:5976 | Wireshark PROFINET/DCP (PN-DCP) dissector Denial of Service Vulnerability |
| oval:org.mitre.oval:def:6005 | Wireshark DoS Vulnerability due to the DCERPC/NT dissector |
| oval:org.mitre.oval:def:10103 | The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through ... |
| oval:org.mitre.oval:def:9945 | Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote att... |
| oval:org.mitre.oval:def:5979 | Wireshark Integer overflow vulnerability in wiretap/erf.c |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 59478 | Wireshark wiretap/erf.c Unsigned Integer Wrap ERF File Handling Overflow |
| 59460 | Wireshark DCERPC/NT Dissector Unspecified DoS |
| 53903 | Wireshark Unspecified Issue |
| 52996 | Wireshark PN-DCP Dissector Station Name Handling Format String |
| 50069 | Wireshark SMTP Dissector Packet Handling Infinite Loop DoS |
| 49345 | Wireshark Q.931 Dissector packet-q931.c dissect_q931_cause_ie Function Use-af... |
| 47933 | Wireshark zlib-compressed Packet Data Uncompression DoS |
| 47932 | Wireshark NCP Dissector Unspecified Infinite Loop DoS |
| 40456 | Wireshark DNP3 Dissector Malformed Packet Handling Remote Infinite Loop DoS |
| 37642 | Wireshark Crafted iSeries Capture File Handling Remote DoS |
| 33074 | Wireshark IEEE 802.11 Dissector Unspecified DoS |
Milw0rm Exploits
| Date | Description |
|---|---|
| 2009-03-30 | Wireshark <= 1.0.6 PN-DCP Format String Exploit PoC |
| 2007-08-31 | Wireshark < 0.99.5 DNP3 Dissector Infinite Loop Exploit |