Executive Summary

Informations
NameCVE-2008-5180First vendor Publication2008-11-20
VendorCveLast vendor Modification2017-09-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5180

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-2Inducing Account Lockout
CAPEC-82Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-99XML Parser Attack
CAPEC-119Resource Depletion
CAPEC-121Locate and Exploit Test APIs
CAPEC-125Resource Depletion through Flooding
CAPEC-130Resource Depletion through Allocation
CAPEC-147XML Ping of Death
CAPEC-197XEE (XML Entity Expansion)
CAPEC-227Denial of Service through Resource Depletion
CAPEC-228Resource Depletion through DTD Injection in a SOAP Message
CAPEC-229XML Attribute Blowup

CWE : Common Weakness Enumeration

%idName
100 %CWE-399Resource Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

ExploitDB Exploits

idDescription
2008-11-28Microsoft Office Communicator (SIP) Remote Denial of Service Exploit

Open Source Vulnerability Database (OSVDB)

idDescription
50320Microsoft Communicator SIP INVITE Request Handling Session Saturation DoS

Snort® IPS/IDS

DateDescription
2014-01-10INVITE flood
RuleID : 20397 - Revision : 4 - Type : PROTOCOL-VOIP
2014-01-10INVITE flood attempt
RuleID : 20396 - Revision : 7 - Type : PROTOCOL-VOIP

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/39221
EXPLOIT-DB http://www.exploit-db.com/exploits/12079
https://www.exploit-db.com/exploits/7262
MISC http://www.voipshield.com/research-details.php?id=133
SECTRACK http://www.securitytracker.com/id?1021294
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/46673
https://exchange.xforce.ibmcloud.com/vulnerabilities/57581

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
DateInformations
2017-09-29 09:23:49
  • Multiple Updates
2017-08-08 09:24:31
  • Multiple Updates
2016-04-26 18:03:09
  • Multiple Updates
2014-01-19 21:25:26
  • Multiple Updates
2013-05-11 00:30:55
  • Multiple Updates