CVE-2007-3956 : TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which al

TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534.

Published 2007-07-24 18:30:00

Updated 2017-09-29 01:29:10

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2007-3956

Probability of exploitation activity in the next 30 days: 9.24%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-3956

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

References for CVE-2007-3956

Products affected by CVE-2007-3956

Teamspeak » Web Server » Version: 2.0
cpe:2.3:a:teamspeak:web_server:2.0:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » All Windows

Vulnerability Details : CVE-2007-3956

Exploit prediction scoring system (EPSS) score for CVE-2007-3956

CVSS scores for CVE-2007-3956

References for CVE-2007-3956

Products affected by CVE-2007-3956