CVE-2008-5180 - OpenCVE

Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Office Communicator

Configuration 1 [-]

cpe:2.3:a:microsoft:office_communicator:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/32940	Broken Link
http://www.exploit-db.com/exploits/12079	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/39221	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021294	Broken Link Third Party Advisory VDB Entry
http://www.voipshield.com/research-details.php?id=133	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/46673	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/57581	Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/7262	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-20T15:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2008-11-20T00:00:00

Link: CVE-2008-5180

JSON object: View

NVD Information

Status : Analyzed

Published: 2008-11-20T15:30:00.390

Modified: 2024-02-02T03:07:25.887

Link: CVE-2008-5180

JSON object: View

Redhat Information

No data.

CWE

CWE-770

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-11T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "7262", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7262"}, {"name": "39221", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39221"}, {"name": "microsoft-communicator-invite-dos(46673)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46673"}, {"name": "1021294", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021294"}, {"name": "12079", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/12079"}, {"name": "office-communicator-sip-dos(57581)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57581"}, {"tags": ["x_refsource_MISC"], "url": "http://www.voipshield.com/research-details.php?id=133"}, {"name": "32940", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32940"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5180", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "7262", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7262"}, {"name": "39221", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39221"}, {"name": "microsoft-communicator-invite-dos(46673)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46673"}, {"name": "1021294", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021294"}, {"name": "12079", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/12079"}, {"name": "office-communicator-sip-dos(57581)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57581"}, {"name": "http://www.voipshield.com/research-details.php?id=133", "refsource": "MISC", "url": "http://www.voipshield.com/research-details.php?id=133"}, {"name": "32940", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32940"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5180", "datePublished": "2008-11-20T15:00:00", "dateReserved": "2008-11-20T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office_communicator:*:*:*:*:*:*:*:*", "matchCriteriaId": "D228E116-E6AA-4542-9294-0A946D29B704", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions."}, {"lang": "es", "value": "Microsoft Communicator permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un gran numero de solicitudes SIP INVITE que produce la creaci\u00f3n de muchas sesiones."}], "id": "CVE-2008-5180", "lastModified": "2024-02-02T03:07:25.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-20T15:30:00.390", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/32940"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/12079"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/39221"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1021294"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.voipshield.com/research-details.php?id=133"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46673"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57581"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/7262"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}