V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2017-11368
ANC
Medium

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2…

CVSS
6.5
Medium
EPSS
0.02
p81
Published
2017-01-01
Updated
2017-01-01
Description

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Tags · CWE
CWE-617
Affected products
Fedora
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Timeline
2017-01-01
Published
2017-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: N
None (N)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.024 · p81
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Debian
Krb5
Canonical
Krb5
Red Hat
Krb5
Fedoraproject
Fedora
Mit
Kerberos 5KerberosKrb5
ProductVendorStatus
Tracked
Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
krb5Tracked
fedora*Tracked
kerberos*Tracked
kerberos_5*Tracked
Source databases
ANC
DEB
CVE
RED
UBU