CVE-2019-6973 - OpenCVE

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sricam	Sh026 Sp023 Sp017 Nvs001 Sp012 Sp019 Sh027 Sp009 Sh016 Sh024 Sp020 Sp015 Sp007 Sp018 Sp008
Genivia	Gsoap

Configuration 1 [-]

AND

cpe:2.3:a:genivia:gsoap:2.8.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:sricam:nvs001:-:::::::*
	cpe:2.3:h:sricam:sh016:-:::::::*
	cpe:2.3:h:sricam:sh024:-:::::::*
	cpe:2.3:h:sricam:sh026:-:::::::*
	cpe:2.3:h:sricam:sh027:-:::::::*
	cpe:2.3:h:sricam:sp007:-:::::::*
	cpe:2.3:h:sricam:sp008:-:::::::*
	cpe:2.3:h:sricam:sp009:-:::::::*
	cpe:2.3:h:sricam:sp012:-:::::::*
	cpe:2.3:h:sricam:sp015:-:::::::*
	cpe:2.3:h:sricam:sp017:-:::::::*
	cpe:2.3:h:sricam:sp018:-:::::::*
	cpe:2.3:h:sricam:sp019:-:::::::*
	cpe:2.3:h:sricam:sp020:-:::::::*
	cpe:2.3:h:sricam:sp023:-:::::::*

References

Link	Resource
http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html	Exploit Third Party Advisory VDB Entry
https://github.com/bitfu/sricam-gsoap2.8-dos-exploit	Third Party Advisory
https://www.exploit-db.com/exploits/46261/	Exploit VDB Entry Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-17T18:12:13

Updated: 2019-03-17T18:12:13

Reserved: 2019-01-25T00:00:00

Link: CVE-2019-6973

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-03-21T16:01:10.423

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-6973

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-01-25T00:00:00", "descriptions": [{"lang": "en", "value": "Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-17T18:12:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "46261", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46261/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bitfu/sricam-gsoap2.8-dos-exploit"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6973", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "46261", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46261/"}, {"name": "http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html"}, {"name": "https://github.com/bitfu/sricam-gsoap2.8-dos-exploit", "refsource": "MISC", "url": "https://github.com/bitfu/sricam-gsoap2.8-dos-exploit"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-6973", "datePublished": "2019-03-17T18:12:13", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2019-03-17T18:12:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:genivia:gsoap:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0D1493E-5DB4-47BF-9687-D8B1F4F9F9C9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sricam:nvs001:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C2A3DD2-35C1-4DB5-BDCC-C39F4961041C", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sh016:-:*:*:*:*:*:*:*", "matchCriteriaId": "409B6EF3-1DEB-4548-9CC1-634FCFEF9373", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sh024:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A7F788B-A89F-48F2-8B3A-060B205C399B", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sh026:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2EFC9AA-D628-4F3A-AEE5-FF7F4614C895", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sh027:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B888F17-C358-48EE-A01F-9D9E43BD1A5D", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sp007:-:*:*:*:*:*:*:*", "matchCriteriaId": "19DE107A-8C7C-46B5-9ECC-8D3CF4C4765E", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sp008:-:*:*:*:*:*:*:*", "matchCriteriaId": "78272233-1B9B-4057-92E6-4B52377BB681", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sp009:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D0943E2-82E8-4438-96DD-F107C5BCC7E8", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sp012:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D4045D2-04E9-44EC-95A4-647F88A9D87E", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sp015:-:*:*:*:*:*:*:*", "matchCriteriaId": "8691CACB-052B-43EC-84AA-8D2869BE96B2", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sp017:-:*:*:*:*:*:*:*", "matchCriteriaId": "363ADBFA-B83B-4B24-A2B0-4C49570DB350", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sp018:-:*:*:*:*:*:*:*", "matchCriteriaId": "A53AF4CC-21EB-4E61-82FC-9A344DC2AEF5", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sp019:-:*:*:*:*:*:*:*", "matchCriteriaId": "494FBEB6-617E-44E6-A544-F67EC8280A86", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sp020:-:*:*:*:*:*:*:*", "matchCriteriaId": "400F51BF-EB0C-4AC8-AEC5-6F311562C7EB", "vulnerable": false}, {"criteria": "cpe:2.3:h:sricam:sp023:-:*:*:*:*:*:*:*", "matchCriteriaId": "109D9827-0C1A-44AB-B1D2-F9512E93A5A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds."}, {"lang": "es", "value": "Las c\u00e1maras CCTV Sricam IP son vulnerables a una denegaci\u00f3n de servicio (DoS) mediante m\u00faltiples peticiones HTTP incompletas debido a que el servidor web (basado en gSOAP 2.8.x) est\u00e1 configurado para un enfoque de cola iterativa (tambi\u00e9n conocido como operaci\u00f3n sin hilos) con un tiempo de agotamiento de varios segundos."}], "id": "CVE-2019-6973", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T16:01:10.423", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/bitfu/sricam-gsoap2.8-dos-exploit"}, {"source": "cve@mitre.org", "tags": ["Exploit", "VDB Entry", "Third Party Advisory"], "url": "https://www.exploit-db.com/exploits/46261/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}