Vulnerability Details : CVE-2007-0009
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
Vulnerability category: OverflowExecute code
Threat overview for CVE-2007-0009
Top countries where our scanners detected CVE-2007-0009
Top open port discovered on systems with this issue
5555
IPs affected by CVE-2007-0009 121
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-0009!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-0009
Probability of exploitation activity in the next 30 days: 96.52%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-0009
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2007-0009
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-0009
-
http://www.redhat.com/support/errata/RHSA-2007-0078.html
Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2007-0097.html
Third Party Advisory
-
http://fedoranews.org/cms/node/2711
Broken Link
-
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663
Third Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/usn-431-1
Third Party Advisory
-
http://www.kb.cert.org/vuls/id/592796
Third Party Advisory;US Government Resource
-
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
Broken Link
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
Broken Link
-
http://www.vupen.com/english/advisories/2007/2141
Third Party Advisory
-
http://www.vupen.com/english/advisories/2007/0719
Third Party Advisory
-
http://fedoranews.org/cms/node/2747
Broken Link
-
http://www.vupen.com/english/advisories/2007/1165
Third Party Advisory
-
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
Broken Link
-
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Oracle Critical Patch Update - January 2014Third Party Advisory
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
Broken Link
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
Broken Link
-
http://www.redhat.com/support/errata/RHSA-2007-0079.html
Third Party Advisory
-
http://www.securityfocus.com/bid/64758
RETIRED: Oracle January 2014 Critical Patch Update Multiple VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2007/0718
Third Party Advisory
-
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
Broken Link
-
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
Third Party Advisory
-
http://security.gentoo.org/glsa/glsa-200703-18.xml
Third Party Advisory
-
http://www.debian.org/security/2007/dsa-1336
Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2007-0108.html
Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
Third Party Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
Mailing List;Third Party Advisory
-
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Third Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/usn-428-1
Third Party Advisory
-
http://www.securitytracker.com/id?1017696
Third Party Advisory;VDB Entry
-
https://bugzilla.mozilla.org/show_bug.cgi?id=364323
Issue Tracking;Vendor Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
Mailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2007-0077.html
Third Party Advisory
-
https://issues.rpath.com/browse/RPL-1081
Broken Link
-
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
Broken Link
-
http://www.securityfocus.com/archive/1/461809/100/0/threaded
Third Party Advisory;VDB Entry
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Mailing List;Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174
Third Party Advisory
-
http://fedoranews.org/cms/node/2749
Broken Link
-
http://fedoranews.org/cms/node/2709
Broken Link
-
https://issues.rpath.com/browse/RPL-1103
Broken Link
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Broken Link
Products affected by CVE-2007-0009
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*