CVE-2006-2093

Published Apr 29, 2006

Last updated 3 months ago

CVSS info 2.6

Overview

Description: Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-399

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "893B7354-62EB-470D-97F2-AED3A424B30D",
            "versionEndIncluding": "2.2.7"
          },
          {
            "criteria": "cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "757C2A87-10EA-48A5-890E-1779FBFEE0A0",
            "versionEndIncluding": "3.0.2"
          },
          {
            "criteria": "cpe:2.3:a:nessus:nessus:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34121C2E-978F-4D68-969A-558886F29CF8"
          },
          {
            "criteria": "cpe:2.3:a:nessus:nessus:2.2.0_rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53E34C0B-AAC7-4117-8E68-D32FEBB9ABCB"
          },
          {
            "criteria": "cpe:2.3:a:nessus:nessus:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DD466D6-094E-4F89-AA7E-8C958D751206"
          },
          {
            "criteria": "cpe:2.3:a:nessus:nessus:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10E2F716-1BE6-4F06-80A2-C03F60F58E3F"
          },
          {
            "criteria": "cpe:2.3:a:nessus:nessus:2.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B73F0FA-8454-4291-98D1-9F7A99373557"
          },
          {
            "criteria": "cpe:2.3:a:nessus:nessus:2.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "511BAE3E-16F4-4451-84D7-AAEB1FD3A87A"
          },
          {
            "criteria": "cpe:2.3:a:nessus:nessus:2.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEF4E5AB-816A-4B1D-8901-6551C14B6688"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References