Vulnerability Details CVE-2006-5179
Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.4%
CVSS Severity
CVSS v2 Score 5.4
References
- http://secunia.com/advisories/22206
- http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
- http://www.vupen.com/english/advisories/2006/3859
- http://secunia.com/advisories/22206
- http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
- http://www.vupen.com/english/advisories/2006/3859
Products affected by CVE-2006-5179
-
cpe:2.3:h:intoto:igateway_ssl-vpn:*
-
cpe:2.3:h:intoto:igateway_vpn:*