Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0877


Vulnerability Score 5.0 5.0
CVE Id CVE-2001-0877
Last Modified 05 Sep 2008 04:25:08
Published 20 Dec 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.

Vulnerable Systems

Operating System

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Xp


CERT - CA-2001-37

CERT-VN - VU#411059

XF - win-upnp-udp-dos(7722)

MS - MS01-059

BUGTRAQ - 20020109 UPNP Denial of Service

BUGTRAQ - 20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities

BID - 3724

CIAC - M-030

Last Updated: 27 May 2016 10:36:26