製品・ソフトウェアに関する情報

JVN脆弱性詳細

Skype におけるサービス運用妨害 (DoS) の脆弱性

Title	Skype におけるサービス運用妨害 (DoS) の脆弱性
Summary	Skype は、過度に長い URI を送信する不備があるため、2007年8月17日に "指定番号に電話する" を使用して攻撃されたとおり、サービス運用妨害 (サーバハング) 状態となる脆弱性が存在します。
Possible impacts	第三者により、サービス運用妨害 (サーバハング) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 20, 2007, midnight
Registration Date	Dec. 20, 2012, 6:33 p.m.
Last Update	Dec. 20, 2012, 6:33 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

Skype Technologies S.A.

Skype

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-4429	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4429
National Vulnerability Database (NVD)
2	CVE-2007-4429	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4429

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
skype technologies
1	Top Page	http://www.skype.com/

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-4429

Summary	Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem.
Summary	Una vulnerabilidad no especificada en Skype, permite a atacantes remotos causar una denegación de servicio (suspensión del servidor) por medio de vectores desconocidos relacionados a el envío de URIs largos, como es afirmado para ser explotados activamente en 20070817 usando una "call to a specific number." NOTA: este identificador es para la divulgación de en.securitylab.ru. Según el proveedor, este problema es independiente de los "sign-on issues" que redujo el servicio de Skype en 20070817, lo que parece ser un problema específico del sitio. A partir de 20070821, no está claro si este problema es simplemente un síntoma de un problema de acceso mayor.
Publication Date	Aug. 21, 2007, 4:17 a.m.
Registration Date	Jan. 29, 2021, 2:18 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:skype_technologies:skype::::::::

Related information, measures and tools

No	URL	refsource
1	http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates	cve@mitre.org
2	http://en.securitylab.ru/poc/301420.php	cve@mitre.org
3	http://en.securitylab.ru/poc/extra/301419.php	cve@mitre.org
4	http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html	cve@mitre.org
5	http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html	cve@mitre.org
6	http://securityreason.com/securityalert/3032	cve@mitre.org
7	http://www.securityfocus.com/archive/1/476942/100/0/threaded	cve@mitre.org
8	http://www.securityfocus.com/archive/1/477156/100/0/threaded	cve@mitre.org
9	http://www.securityfocus.com/archive/1/477178/100/0/threaded	cve@mitre.org
10	http://www.securityfocus.com/archive/1/477240/100/0/threaded	cve@mitre.org
11	http://www.securitylab.ru/news/301422.php	cve@mitre.org
12	http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates	af854a3a-2127-422b-91ae-364da2661108
13	http://en.securitylab.ru/poc/301420.php	af854a3a-2127-422b-91ae-364da2661108
14	http://en.securitylab.ru/poc/extra/301419.php	af854a3a-2127-422b-91ae-364da2661108
15	http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html	af854a3a-2127-422b-91ae-364da2661108
16	http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html	af854a3a-2127-422b-91ae-364da2661108
17	http://securityreason.com/securityalert/3032	af854a3a-2127-422b-91ae-364da2661108
18	http://www.securityfocus.com/archive/1/476942/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
19	http://www.securityfocus.com/archive/1/477156/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
20	http://www.securityfocus.com/archive/1/477178/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
21	http://www.securityfocus.com/archive/1/477240/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
22	http://www.securitylab.ru/news/301422.php	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List