Packeteer PacketShaper Web Management Denial of Service

2007.06.17

Credit: nnposter

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2007-3151

CWE: CWE-Other

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

Packeteer PacketShaper Web Management Denial of Service
Critical: Less critical
Impact: DoS
Where: Local network
Product: Packeteer PacketShaper
http://www.packetshaper.com/
Packeteer PacketShaper is susceptible to a denial of service vulnerability in the web management interface. Requesting a specific URL will cause the device to reboot:
http://(target)/rpttop.htm?OP.MEAS.DATAQUERY=&MEAS.TYPE=
The user must first log in but even read-only "look" access is sufficient.
The vulnerability has been identified in version 7.3.0g2 and 7.5.0g1. However, other versions may be also affected.
Solution:
Restrict network access to the device management interfaces
Snort:
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS
(msg:"WEB-MISC PacketShaper DoS attempt"; flow:to_server,established;
uricontent:"/rpttop.htm"; pcre:"/MEAS.TYPE=(?!(link|class)&)/U";
classtype:denial-of-service; sid:TBD; rev:1;)
Found by:
nnposter

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Packeteer PacketShaper Web Management Denial of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.