Executive Summary

Informations
Name CVE-2008-5180 First vendor Publication 2008-11-20
Vendor Cve Last vendor Modification 2024-02-02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5180

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-99 XML Parser Attack
CAPEC-119 Resource Depletion
CAPEC-121 Locate and Exploit Test APIs
CAPEC-125 Resource Depletion through Flooding
CAPEC-130 Resource Depletion through Allocation
CAPEC-147 XML Ping of Death
CAPEC-197 XEE (XML Entity Expansion)
CAPEC-227 Denial of Service through Resource Depletion
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message
CAPEC-229 XML Attribute Blowup

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-770 Allocation of Resources Without Limits or Throttling

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

ExploitDB Exploits

id Description
2008-11-28 Microsoft Office Communicator (SIP) Remote Denial of Service Exploit

Open Source Vulnerability Database (OSVDB)

Id Description
50320 Microsoft Communicator SIP INVITE Request Handling Session Saturation DoS

Snort® IPS/IDS

Date Description
2014-01-10 INVITE flood
RuleID : 20397 - Revision : 6 - Type : PROTOCOL-VOIP
2014-01-10 INVITE flood attempt
RuleID : 20396 - Revision : 8 - Type : PROTOCOL-VOIP

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/39221
EXPLOIT-DB http://www.exploit-db.com/exploits/12079
https://www.exploit-db.com/exploits/7262
MISC http://www.voipshield.com/research-details.php?id=133
SECTRACK http://www.securitytracker.com/id?1021294
SECUNIA http://secunia.com/advisories/32940
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/46673
https://exchange.xforce.ibmcloud.com/vulnerabilities/57581

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2024-02-02 09:28:18
  • Multiple Updates
2021-05-04 12:08:23
  • Multiple Updates
2021-04-22 01:08:45
  • Multiple Updates
2020-05-23 00:22:36
  • Multiple Updates
2017-09-29 09:23:49
  • Multiple Updates
2017-08-08 09:24:31
  • Multiple Updates
2016-04-26 18:03:09
  • Multiple Updates
2014-01-19 21:25:26
  • Multiple Updates
2013-05-11 00:30:55
  • Multiple Updates