Packeteer PacketShaper Web Management Denial of Service

2007.06.17
Credit: nnposter
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Critical: Less critical
Impact: DoS
Where: Local network

Product:
Packeteer PacketShaper
http://www.packetshaper.com/

Packeteer PacketShaper is susceptible to a denial of service vulnerability in the web management interface. Requesting a specific URL will cause the device to reboot:

http://(target)/rpttop.htm?OP.MEAS.DATAQUERY=&MEAS.TYPE=

The user must first log in, but even read-only "look" access is sufficient.

The vulnerability has been identified in versions 7.3.0g2 and 7.5.0g1. However, other versions may also be affected.

Solution:
Restrict network access to the device management interfaces.

Snort:
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC PacketShaper DoS attempt"; flow:to_server,established; uricontent:"/rpttop.htm"; pcre:"/MEAS.TYPE=(?!(link|class)&)/U"; classtype:denial-of-service; sid:TBD; rev:1;)

Found by: nnposter
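For sites that have proxy or web access logs but no Snort sensor in front of the management interface, the sketch below applies the same two conditions as the rule above (the uricontent string and the pcre) to logged request URIs. It is an added example, not part of the original advisory; the Common Log Format layout, the sample log lines and the function names are assumptions, and unquote() only approximates Snort's normalized-URI matching (/U).

```python
import re
from urllib.parse import unquote

# Same conditions as the Snort rule in the advisory: uricontent plus the
# pcre, copied unchanged (the "." is left unescaped, as in the rule).
URI_CONTENT = "/rpttop.htm"
MEAS_TYPE_RE = re.compile(r"MEAS.TYPE=(?!(link|class)&)")

# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def rule_matches(raw_uri: str) -> bool:
    """Return True when the request URI satisfies both rule conditions."""
    uri = unquote(raw_uri)  # approximation of the rule's /U modifier
    return URI_CONTENT in uri and MEAS_TYPE_RE.search(uri) is not None


def scan(log_lines):
    """Return (source address, URI) for every log line the rule would flag."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and rule_matches(m.group(1)):
            hits.append((line.split(" ", 1)[0], m.group(1)))
    return hits


# Constructed sample lines; addresses come from a documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - look [17/Jun/2007:10:01:02 +0000] "GET /rpttop.htm?OP.MEAS.DATAQUERY=&MEAS.TYPE= HTTP/1.1" 200 0',
    '192.0.2.11 - look [17/Jun/2007:10:01:05 +0000] "GET /rpttop.htm?OP.MEAS.DATAQUERY=&MEAS.TYPE=link&x=1 HTTP/1.1" 200 512',
    '192.0.2.12 - look [17/Jun/2007:10:01:09 +0000] "GET /rpttop.htm?MEAS.TYPE=class&x=1 HTTP/1.1" 200 512',
    '192.0.2.13 - look [17/Jun/2007:10:01:11 +0000] "GET /rpttop.htm?MEAS.TYPE=link HTTP/1.1" 200 512',
    '192.0.2.14 - look [17/Jun/2007:10:01:15 +0000] "GET /index.htm?MEAS.TYPE= HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for src, uri in scan(SAMPLE_LOG):
        print(f"ALERT {src} {uri}")
```

The fourth sample line is flagged because the rule's lookahead requires a trailing "&" after "link" or "class", so a request where MEAS.TYPE is the last parameter also matches.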

