Vulnerabilities > CVE-2006-5179 - Denial-Of-Service vulnerability in Intoto Igateway Ssl-Vpn and Igateway VPN
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940. It is reported that a patch may be obtained by contacting Intoto at the following email address: [email protected]
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 2 |