CVE-2017-15300 - OpenCVE

The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as "GET / HTTP/1.1"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ewbf	Cuda Zcash Miner

Configuration 1 [-]

cpe:2.3:a:ewbf:cuda_zcash_miner:0.3.4b:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970
https://www.legacysecuritygroup.com/cve-2017-15300.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-15T08:00:00

Updated: 2024-08-05T19:50:16.492Z

Reserved: 2017-10-14T00:00:00

Link: CVE-2017-15300

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-10-15T08:29:00.200

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-15300

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as \"GET / HTTP/1.1\"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-15T07:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.legacysecuritygroup.com/cve-2017-15300.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15300", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as \"GET / HTTP/1.1\"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.legacysecuritygroup.com/cve-2017-15300.html", "refsource": "MISC", "url": "https://www.legacysecuritygroup.com/cve-2017-15300.html"}, {"name": "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970", "refsource": "MISC", "url": "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:50:16.492Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.legacysecuritygroup.com/cve-2017-15300.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15300", "datePublished": "2017-10-15T08:00:00", "dateReserved": "2017-10-14T00:00:00", "dateUpdated": "2024-08-05T19:50:16.492Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ewbf:cuda_zcash_miner:0.3.4b:*:*:*:*:*:*:*", "matchCriteriaId": "EF8752DB-6191-4819-AAE4-DD9F6FE22C1C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as \"GET / HTTP/1.1\"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port."}, {"lang": "es", "value": "Las estad\u00edsticas de extracci\u00f3n de la API HTTP en EWBF Cuda Zcash Miner versi\u00f3n 0.3.4b mantienen conexiones TCP hasta que se realice alg\u00fan tipo de petici\u00f3n (como \"GET / HTTP/1.1\"), lo que permite un ataque de denegaci\u00f3n de servicio (DoS) que evita que un usuario visualice sus estad\u00edsticas de extracci\u00f3n por parte de un atacante que abre una sesi\u00f3n con telnet o netcat y se conecta al extractor o miner en el puerto de la API HTTP."}], "id": "CVE-2017-15300", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-15T08:29:00.200", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.legacysecuritygroup.com/cve-2017-15300.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}