CVE-2006-5179
Published Oct 10, 2006
Last updated 14 years ago
Overview
- Description
- Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.4
- Impact score
- 6.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- -
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intoto:igateway_ssl-vpn:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB142A4C-E7B6-43D8-A376-32C6A77FB7BF"
},
{
"criteria": "cpe:2.3:h:intoto:igateway_vpn:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB91D1AA-041F-4BF2-B9FE-EFF3BC0E5266"
}
],
"operator": "OR"
}
]
}
]