NVD

Id
32779  
Name
CVE-2014-4883  
Description
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-11-27  
Modified Date
2015-01-08  
Seq
2014-4883  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
172290 32779 CVE-2014-4883 http://git.savannah.gnu.org/cgit/lwip.git/commit/?id=9fb46e120655ac481b2af8f865d5ae56c39b831a  View
172291 32779 CVE-2014-4883 VU#210620  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16326 JVNDB-2014-005201 uIP と lwIP の DNS リゾルバにキャッシュポイズニングの脆弱性 uIP と lwIP に実装されている DNS リゾルバには、キャッシュポイズニング攻撃が容易になる脆弱性が存在します。 CVE-2014-4883 72172 CVE-2014-4883 32779 6.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005201.html 2014-11-03 2014-12-01 View