CVE-2015-0235

Scores

EPSS

EPSS Score: 0.849 (high)

Percentile: 84.9%

CVSS

Severity: medium (CVSS 2.0)

CVSS Score: 6.8/10

All CVSS Scores

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka “GHOST.”


Sources

debian, nvd, redhat, ubuntu

CWEs

CWE-131, CWE-787

Exploits

Exploit ID: 35951

Source: exploitdb

URL: https://www.exploit-db.com/exploits/35951

Exploit ID: 36421

Source: exploitdb

URL: https://www.exploit-db.com/exploits/36421

Exploit ID: CVE-2015-0235

Source: github-poc

URL: https://github.com/chayim/GHOSTCHECK-cve-2015-0235

Recommendations

Source: nvd

All glibc users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.19-r1"

URL: https://security.gentoo.org/glsa/201503-04

Vulnerable Software (33)

Type: Configuration

Product: eglibc

Operating System: ubuntu trusty 14.04

Trait:
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: eglibc

Operating System: debian

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: glibc

Operating System: ubuntu utopic 14.10

Trait:
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: glibc

Operating System: rhel 4

Trait:
{  "fixed": "2.3.4-2.57.el4.2"}

Source: redhat

Type: Configuration

Product: glibc

Operating System: rhel 5

Trait:
{  "fixed": "2.5-123.el5_11.1"}

Source: redhat

Type: Configuration

Product: glibc

Operating System: rhel 5.6

Trait:
{  "fixed": "2.5-58.el5_6.6"}

Source: redhat

Type: Configuration

Product: glibc

Operating System: rhel 5.9

Trait:
{  "fixed": "2.5-107.el5_9.8"}

Source: redhat

Type: Configuration

Product: glibc

Operating System: rhel 6

Trait:
{  "fixed": "2.12-1.149.el6_6.5"}

Source: redhat

Type: Configuration

Product: glibc

Operating System: rhel 6.2

Trait:
{  "fixed": "2.12-1.47.el6_2.15"}

Source: redhat

Type: Configuration

Product: glibc

Operating System: rhel 6.4

Trait:
{  "fixed": "2.12-1.107.el6_4.7"}

Source: redhat

Type: Configuration

Product: glibc

Operating System: rhel 6.5

Trait:
{  "fixed": "2.12-1.132.el6_5.5"}

Source: redhat

Type: Configuration

Product: glibc

Operating System: rhel 7

Trait:
{  "fixed": "2.17-55.el7_0.5"}

Source: redhat

Type: Configuration

Product: glibc

Operating System: debian

Trait:
{  "fixed": "2.18-1"}

Source: debian

Type: Configuration

Product: kernel-modules-virtualbox-addition-std-def

Operating System: altlinux

Trait:
{  "fixed": "0:5.1.24-alt1.264486.1"}

Source: redhat

Type: Configuration

Product: rhev-hypervisor6

Operating System: rhel 6

Trait:
{  "fixed": "6.6-20150123.1.el6ev"}

Source: redhat

Type: Configuration

Vendor: *

Product: communications_application_session_controller

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*",      "versionEndExcluding": "3.7.1",      "vulnerable": true    },    {...

Source: nvd

Type: Configuration

Vendor: *

Product: communications_eagle_application_processor

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*",      "versionEndExcluding": "3.7.1",      "vulnerable": true    },    {...

Source: nvd

Type: Configuration

Vendor: *

Product: communications_eagle_lnp_application_processor

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*",      "versionEndExcluding": "3.7.1",      "vulnerable": true    },    {...

Source: nvd

Type: Configuration

Vendor: *

Product: communications_lsms

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*",      "versionEndExcluding": "3.7.1",      "vulnerable": true    },    {...

Source: nvd

Type: Configuration

Vendor: *

Product: communications_policy_management

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*",      "versionEndExcluding": "3.7.1",      "vulnerable": true    },    {...

Source: nvd