PT-2010-2145 · Zeus · Zeus Web Server

Published

2010-01-20

Updated

2010-01-21

CVE-2010-0359

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Zeus Web Server versions prior to 4.3r5

Description The issue is related to a buffer overflow in the SSLv2 support, which can be triggered by a long string in an invalid Client Hello message. This can cause a denial of service, resulting in a daemon crash, or potentially allow the execution of arbitrary code.

Recommendations For versions prior to 4.3r5, update to version 4.3r5 or later to resolve the issue. As a temporary workaround, consider disabling SSLv2 support until a patch is available. Restrict access to the SSLv2 functionality to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2010-0359

Affected Products

Zeus Web Server

PT-2010-2145 · Zeus · Zeus Web Server

CVE-2010-0359

Weakness Enumeration

Related Identifiers

Affected Products

References · 12