Vulnerability Description
Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intoto | Igateway Ssl-Vpn | All versions |
| Intoto | Igateway Vpn | All versions |
References
- http://secunia.com/advisories/22206Vendor Advisory
- http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=enVendor Advisory
- http://www.vupen.com/english/advisories/2006/3859
- http://secunia.com/advisories/22206Vendor Advisory
- http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=enVendor Advisory
- http://www.vupen.com/english/advisories/2006/3859
FAQ
What is CVE-2006-5179?
CVE-2006-5179 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modu...
How severe is CVE-2006-5179?
CVE-2006-5179 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5179?
Check the references section above for vendor advisories and patch information. Affected products include: Intoto Igateway Ssl-Vpn, Intoto Igateway Vpn.