JVN/CVE Demo: Cveinfos

CVE

Id: 43004
CVE No.: CVE-2010-0420
Status: Candidate
Description: libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.
Phase: Assigned (20100127)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
468779	43004	CVE-2010-0420	CONFIRM:http://developer.pidgin.im/wiki/ChangeLog	View
468780	43004	CVE-2010-0420	CONFIRM:http://pidgin.im/news/security/?id=44	View
468781	43004	CVE-2010-0420	CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=565786	View
468782	43004	CVE-2010-0420	DEBIAN:DSA-2038	View
468783	43004	CVE-2010-0420	URL:http://www.debian.org/security/2010/dsa-2038	View
468784	43004	CVE-2010-0420	FEDORA:FEDORA-2010-1279	View
468785	43004	CVE-2010-0420	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html	View
468786	43004	CVE-2010-0420	FEDORA:FEDORA-2010-1383	View
468787	43004	CVE-2010-0420	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html	View
468788	43004	CVE-2010-0420	FEDORA:FEDORA-2010-1934	View
468789	43004	CVE-2010-0420	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html	View
468790	43004	CVE-2010-0420	MANDRIVA:MDVSA-2010:041	View
468791	43004	CVE-2010-0420	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:041	View
468792	43004	CVE-2010-0420	MANDRIVA:MDVSA-2010:085	View
468793	43004	CVE-2010-0420	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:085	View
468794	43004	CVE-2010-0420	REDHAT:RHSA-2010:0115	View
468795	43004	CVE-2010-0420	URL:https://rhn.redhat.com/errata/RHSA-2010-0115.html	View
468796	43004	CVE-2010-0420	SUSE:SUSE-SR:2010:006	View
468797	43004	CVE-2010-0420	URL:http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html	View
468798	43004	CVE-2010-0420	UBUNTU:USN-902-1	View
468799	43004	CVE-2010-0420	URL:http://www.ubuntu.com/usn/USN-902-1	View
468800	43004	CVE-2010-0420	BID:38294	View
468801	43004	CVE-2010-0420	URL:http://www.securityfocus.com/bid/38294	View
468802	43004	CVE-2010-0420	OSVDB:62439	View
468803	43004	CVE-2010-0420	URL:http://www.osvdb.org/62439	View
468804	43004	CVE-2010-0420	OVAL:oval:org.mitre.oval:def:11485	View
468805	43004	CVE-2010-0420	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11485	View
468806	43004	CVE-2010-0420	OVAL:oval:org.mitre.oval:def:18230	View
468807	43004	CVE-2010-0420	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:18230	View
468808	43004	CVE-2010-0420	SECUNIA:38563	View
468809	43004	CVE-2010-0420	URL:http://secunia.com/advisories/38563	View
468810	43004	CVE-2010-0420	SECUNIA:38640	View
468811	43004	CVE-2010-0420	URL:http://secunia.com/advisories/38640	View
468812	43004	CVE-2010-0420	SECUNIA:38658	View
468813	43004	CVE-2010-0420	URL:http://secunia.com/advisories/38658	View
468814	43004	CVE-2010-0420	SECUNIA:38712	View
468815	43004	CVE-2010-0420	URL:http://secunia.com/advisories/38712	View
468816	43004	CVE-2010-0420	SECUNIA:38915	View
468817	43004	CVE-2010-0420	URL:http://secunia.com/advisories/38915	View
468818	43004	CVE-2010-0420	SECUNIA:39509	View
468819	43004	CVE-2010-0420	URL:http://secunia.com/advisories/39509	View
468820	43004	CVE-2010-0420	VUPEN:ADV-2010-0413	View
468821	43004	CVE-2010-0420	URL:http://www.vupen.com/english/advisories/2010/0413	View
468822	43004	CVE-2010-0420	VUPEN:ADV-2010-1020	View
468823	43004	CVE-2010-0420	URL:http://www.vupen.com/english/advisories/2010/1020	View
468824	43004	CVE-2010-0420	VUPEN:ADV-2010-0914	View
468825	43004	CVE-2010-0420	URL:http://www.vupen.com/english/advisories/2010/0914	View
468826	43004	CVE-2010-0420	XF:pidgin-xmpp-nickname-dos(56399)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
38024	JVNDB-2010-003809	cronie および Vixie cron の edit_cmd 関数におけるサービス運用妨害 (DoS) の脆弱性	(1) cronie および (2) Vixie cron (vixie-cron) の crontab.c の edit_cmd 関数には、任意のファイルの編集時間を変更し、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。	CVE-2010-0424	43004	3.3		http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003809.html	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.49 MB
Controller render start	2.32 MB
View render complete	2.80 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	3.17
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	399.84
Event: Controller.beforeRender	4.07
» Processing toolbar data	3.98
Rendering View	15.72
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	14.73
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.56
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.10
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/43004
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/43004
Remote Port	38772
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.15.2.88
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.15.2.88
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.15.2.88
Unique Id	aCSJLNxYmyXZNffgaIDTRAAAAUk
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	3.15.2.88
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.15.2.88
Redirect Unique Id	aCSJLNxYmyXZNffgaIDTRAAAAUk
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	3.15.2.88
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.15.2.88
Redirect Redirect Unique Id	aCSJLNxYmyXZNffgaIDTRAAAAUk
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1747224876.0568
Request Time	1747224876

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files