Vulnerability Name: CVE-2009-4500 (CCN-54731)
Assigned: 2009-12-14
Published: 2009-12-14
Updated: 2010-01-12
Summary: The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference.
CVSS v3 Severity:
    5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity:
    5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
    4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:
    Source: MITRE Type: CNA CVE-2009-4500
    Source: CCN Type: SA37740 ZABBIX Multiple Vulnerabilities
    Source: SECUNIA Type: Vendor Advisory 37740
    Source: CCN Type: OSVDB ID: 60967 ZABBIX zabbix_server/trapper/trapper.c process_trap() Function NULL Dereference DoS
    Source: BUGTRAQ Type: UNKNOWN 20091213 Zabbix Server : Multiple remote vulnerabilities
    Source: CCN Type: BID-37308 ZABBIX 'process_trap()' NULL Pointer Dereference Denial Of Service Vulnerability
    Source: VUPEN Type: Vendor Advisory ADV-2009-3514
    Source: CCN Type: ZABBIX Web site ZABBIX
    Source: XF Type: UNKNOWN zabbix-processtrap-dos(54731)
    Source: CCN Type: ZBX-993 DoS in Zabbix Server
    Source: CONFIRM Type: Vendor Advisory https://support.zabbix.com/browse/ZBX-993
    Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [12-14-2009]
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable