Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0877

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2001-0877
Last Modified 05 Sep 2008 04:25:08
Published 20 Dec 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0877

Summary

Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.

Vulnerable Systems

Operating System

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Xp


References

CERT - CA-2001-37

CERT-VN - VU#411059

XF - win-upnp-udp-dos(7722)

MS - MS01-059

BUGTRAQ - 20020109 UPNP Denial of Service

BUGTRAQ - 20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities

BID - 3724

CIAC - M-030


Last Updated: 27 May 2016 10:36:26