Weekly Vulnerabilities Reports > May 3 to 9, 2004

Overview

2 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 2 products from 2 vendors including Apache, and Ethereal. Vulnerabilities are notably categorized as "NULL Pointer Dereference", and "Improper Locking".

2 reported vulnerabilities are remotely exploitables.
2 reported vulnerabilities are exploitable by an anonymous user.
Apache has the most reported vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES

CRITICAL RISK
VULNERABILITIES

HIGH RISK
VULNERABILITIES

MEDIUM RISK
VULNERABILITIES

LOW RISK
VULNERABILITIES

REMOTELY
EXPLOITABLE

LOCALLY
EXPLOITABLE

EXPLOIT
AVAILABLE

EXPLOITABLE
ANONYMOUSLY

AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

0 Critical Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS

Expand/Hide

2 High Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2004-05-04	CVE-2004-0365	Ethereal	NULL Pointer Dereference vulnerability in Ethereal The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.	7.5
2004-05-04	CVE-2004-0174	Apache	Improper Locking vulnerability in Apache Http Server Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."	7.5

Expand/Hide

0 Medium Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS

Expand/Hide

0 Low Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS