VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-z1hp-6qm3-aaac

Essentials
Severities (117)
References (28)
Severity details (29)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-z1hp-6qm3-aaac
Aliases	CVE-2009-3695 GHSA-p6m5-h7pp-v2x5 PYSEC-2009-4
Summary	Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-400	Uncontrolled Resource Consumption
CWE-407	Inefficient Algorithmic Complexity
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1333	Inefficient Regular Expression Complexity

System	Score	Found at
cvssv3.1	7.5	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457
generic_textual	HIGH	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457
cvssv3.1	7.5	http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51
generic_textual	HIGH	http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51
epss	0.00981	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01012	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06084	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06767	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06767	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06767	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
epss	0.06767	https://api.first.org/data/v1/epss?cve=CVE-2009-3695
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=528246
cvssv3.1	7.5	https://exchange.xforce.ibmcloud.com/vulnerabilities/53727
generic_textual	HIGH	https://exchange.xforce.ibmcloud.com/vulnerabilities/53727
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-p6m5-h7pp-v2x5
cvssv3.1	3.7	https://github.com/django/django
generic_textual	MODERATE	https://github.com/django/django
cvssv3.1	7.5	https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a
generic_textual	HIGH	https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a
cvssv3.1	7.5	https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495
generic_textual	HIGH	https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495
cvssv3.1	7.5	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-4.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-4.yaml
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2009-3695
cvssv3.1	7.5	https://web.archive.org/web/20091013093057/http://secunia.com/advisories/36968
generic_textual	HIGH	https://web.archive.org/web/20091013093057/http://secunia.com/advisories/36968
cvssv3.1	7.5	https://web.archive.org/web/20091017070244/http://secunia.com/advisories/36948
generic_textual	HIGH	https://web.archive.org/web/20091017070244/http://secunia.com/advisories/36948
cvssv3.1	7.5	https://web.archive.org/web/20200228171918/http://www.securityfocus.com/bid/36655
generic_textual	HIGH	https://web.archive.org/web/20200228171918/http://www.securityfocus.com/bid/36655
cvssv3.1	7.5	http://www.debian.org/security/2009/dsa-1905
generic_textual	HIGH	http://www.debian.org/security/2009/dsa-1905
cvssv3.1	7.5	http://www.djangoproject.com/weblog/2009/oct/09/security
generic_textual	HIGH	http://www.djangoproject.com/weblog/2009/oct/09/security
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2009/10/13/6
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2009/10/13/6

Reference id	Reference type	URL
		http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457
		http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51
		http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3695.json
		https://api.first.org/data/v1/epss?cve=CVE-2009-3695
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3695
		http://secunia.com/advisories/36948
		http://secunia.com/advisories/36968
		https://exchange.xforce.ibmcloud.com/vulnerabilities/53727
		https://github.com/django/django
		https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a
		https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495
		https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-4.yaml
		https://web.archive.org/web/20091013093057/http://secunia.com/advisories/36968
		https://web.archive.org/web/20091017070244/http://secunia.com/advisories/36948
		https://web.archive.org/web/20200228171918/http://www.securityfocus.com/bid/36655
		http://www.debian.org/security/2009/dsa-1905
		http://www.djangoproject.com/weblog/2009/oct/09/security
		http://www.djangoproject.com/weblog/2009/oct/09/security/
		http://www.openwall.com/lists/oss-security/2009/10/13/6
		http://www.securityfocus.com/bid/36655
		http://www.vupen.com/english/advisories/2009/2871
528246		https://bugzilla.redhat.com/show_bug.cgi?id=528246
550457		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457
cpe:2.3:a:djangoproject:django:1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.0:::::::*
cpe:2.3:a:djangoproject:django:1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1:::::::*
CVE-2009-3695		https://nvd.nist.gov/vuln/detail/CVE-2009-3695
GHSA-p6m5-h7pp-v2x5		https://github.com/advisories/GHSA-p6m5-h7pp-v2x5

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/53727

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-4.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-3695

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20091013093057/http://secunia.com/advisories/36968

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20091017070244/http://secunia.com/advisories/36948

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20200228171918/http://www.securityfocus.com/bid/36655

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.debian.org/security/2009/dsa-1905

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.djangoproject.com/weblog/2009/oct/09/security

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2009/10/13/6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.62853
EPSS Score	0.00981
Published At	March 29, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.