Vulnerability-Lookup

CVE-2008-4133 (GCVE-0-2008-4133)

Vulnerability from cvelistv5 – Published: 2008-09-19 17:04 – Updated: 2024-08-07 10:08

Summary

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/31050	vdb-entryx_refsource_BID
	http://secunia.com/advisories/31767	third-party-advisoryx_refsource_SECUNIA
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808	x_refsource_MISC
	http://securityreason.com/securityalert/4276	third-party-advisoryx_refsource_SREASON
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securitytracker.com/id?1020825	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/496072/100…	mailing-listx_refsource_BUGTRAQ

Date Public ?

2008-09-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:08:34.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31050",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31050"
          },
          {
            "name": "31767",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31767"
          },
          {
            "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
          },
          {
            "name": "4276",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4276"
          },
          {
            "name": "dlink-dir100-webproxyfilter-security-bypass(44961)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961"
          },
          {
            "name": "1020825",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020825"
          },
          {
            "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31050",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31050"
        },
        {
          "name": "31767",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31767"
        },
        {
          "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
        },
        {
          "name": "4276",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4276"
        },
        {
          "name": "dlink-dir100-webproxyfilter-security-bypass(44961)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961"
        },
        {
          "name": "1020825",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020825"
        },
        {
          "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4133",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31050",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31050"
            },
            {
              "name": "31767",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31767"
            },
            {
              "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html"
            },
            {
              "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808",
              "refsource": "MISC",
              "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
            },
            {
              "name": "4276",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4276"
            },
            {
              "name": "dlink-dir100-webproxyfilter-security-bypass(44961)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961"
            },
            {
              "name": "1020825",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020825"
            },
            {
              "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4133",
    "datePublished": "2008-09-19T17:04:00.000Z",
    "dateReserved": "2008-09-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:08:34.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-4133",
      "date": "2026-05-01",
      "epss": "0.08883",
      "percentile": "0.92575"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-4133\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-09-19T17:15:05.593\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.\"},{\"lang\":\"es\",\"value\":\"El servicio web proxy en el  D-Link DIR-100 con firmware 1.12 y anteriores no filtra de manera apropiada las peticiones web con URLs de mucha longitud, permite a atacantes remotos evitar los filtros de restricci\u00f3n web.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:d-link:dir-100:1.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35434946-565C-4756-BB73-BD1A02566999\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:d-link:dir-100:1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"866C86B9-9CE9-45CC-BECF-1B00869ABE14\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31767\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/4276\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/496072/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/31050\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020825\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44961\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/4276\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/496072/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/31050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020825\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200809-0058

Vulnerability from variot - Updated: 2025-04-10 22:57

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. D-Link DIR-100 is a small broadband router with integrated firewall function.

There are loopholes in the implementation of DIR-100's web management interface. If users use a long URL of about 1300 characters in a web browser, they can bypass URL filtering performed by the built-in firewall of D-Link DIR-100 router. Access to restricted resources. D-Link DIR-100 is affected by a vulnerability that allows attackers to bypass security restrictions and access sites that are blocked by an administrator. D-Link DIR-100 devices with firmware 1.12 are vulnerable; other versions may be affected as well. ----------------------------------------------------------------------

We have updated our website, enjoy! http://secunia.com/

TITLE: D-Link DIR-100 Ethernet Broadband Router URL Filtering Bypass

SECUNIA ADVISORY ID: SA31767

VERIFY ADVISORY: http://secunia.com/advisories/31767/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE:

From local network

OPERATING SYSTEM: D-Link DIR-100 Ethernet Broadband Router http://secunia.com/product/19762/

DESCRIPTION: Marc Ruef has reported a vulnerability in D-Link DIR-100 Ethernet Broadband Router, which can be exploited by malicious people to bypass the URL filtering functionality.

The vulnerability is caused due to an error within the parental control when handling certain requested URLs and can be exploited to access forbidden websites via long, specially crafted requests.

SOLUTION: Do not rely on the filtering mechanism.

PROVIDED AND/OR DISCOVERED BY: Marc Ruef, scip AG

ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064303.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0058",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-100",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "d link",
        "version": "1.12"
      },
      {
        "model": "dir-100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "d link",
        "version": "1.02"
      },
      {
        "model": "dir-100",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "firmware 1.12"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "none",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2008-4325"
      },
      {
        "db": "BID",
        "id": "31050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-264"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4133"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:d-link:dir-100",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marc Ruef",
    "sources": [
      {
        "db": "BID",
        "id": "31050"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2008-4133",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-4133",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-34258",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-4133",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-4133",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200809-264",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-34258",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34258"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-264"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4133"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. D-Link DIR-100 is a small broadband router with integrated firewall function. \n\n\u00a0There are loopholes in the implementation of DIR-100\u0027s web management interface. If users use a long URL of about 1300 characters in a web browser, they can bypass URL filtering performed by the built-in firewall of D-Link DIR-100 router. Access to restricted resources. D-Link DIR-100 is affected by a vulnerability that allows attackers to bypass security restrictions and access sites that are blocked by an administrator. \nD-Link DIR-100 devices with firmware 1.12 are vulnerable; other versions may be affected as well. ----------------------------------------------------------------------\n\nWe have updated our website, enjoy!\nhttp://secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link DIR-100 Ethernet Broadband Router URL Filtering Bypass\n\nSECUNIA ADVISORY ID:\nSA31767\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31767/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nD-Link DIR-100 Ethernet Broadband Router\nhttp://secunia.com/product/19762/\n\nDESCRIPTION:\nMarc Ruef has reported a vulnerability in D-Link DIR-100 Ethernet\nBroadband Router, which can be exploited by malicious people to\nbypass the URL filtering functionality. \n\nThe vulnerability is caused due to an error within the parental\ncontrol when handling certain requested URLs and can be exploited to\naccess forbidden websites via long, specially crafted requests. \n\nSOLUTION:\nDo not rely on the filtering mechanism. \n\nPROVIDED AND/OR DISCOVERED BY:\nMarc Ruef, scip AG\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064303.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-4133"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2008-4325"
      },
      {
        "db": "BID",
        "id": "31050"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34258"
      },
      {
        "db": "PACKETSTORM",
        "id": "69757"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-34258",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34258"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-4133",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "31050",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "31767",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "4276",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1020825",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2008-4325",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "100",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "44961",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20080908 [SCIP_ADVISORY 3808] D-LINK DIR-100 LONG URL FILTER EVASION",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080908 [SCIP_ADVISORY 3808] D-LINK DIR-100 LONG URL FILTER EVASION",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-264",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32336",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-85630",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-34258",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "69757",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2008-4325"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34258"
      },
      {
        "db": "BID",
        "id": "31050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      },
      {
        "db": "PACKETSTORM",
        "id": "69757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-264"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4133"
      }
    ]
  },
  "id": "VAR-200809-0058",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2008-4325"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34258"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2008-4325"
      }
    ]
  },
  "last_update_date": "2025-04-10T22:57:32.272000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.dlink.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34258"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4133"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/31050"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1020825"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31767"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/4276"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4133"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4133"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/44961"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/496072/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.co.uk/?go=jn7uaylx/oijawvudlyzu93ygjvykujxstvhlpg3yv3ov41/haltbnlwaarp7touamu5j3cf/yenbs7l1kfnl0sstuzf"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/496072"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31767/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-september/064303.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19762/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34258"
      },
      {
        "db": "BID",
        "id": "31050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      },
      {
        "db": "PACKETSTORM",
        "id": "69757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-264"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4133"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2008-4325"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34258"
      },
      {
        "db": "BID",
        "id": "31050"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      },
      {
        "db": "PACKETSTORM",
        "id": "69757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-264"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4133"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2008-4325"
      },
      {
        "date": "2008-09-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-34258"
      },
      {
        "date": "2008-09-08T00:00:00",
        "db": "BID",
        "id": "31050"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      },
      {
        "date": "2008-09-09T20:50:53",
        "db": "PACKETSTORM",
        "id": "69757"
      },
      {
        "date": "2008-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-264"
      },
      {
        "date": "2008-09-19T17:15:05.593000",
        "db": "NVD",
        "id": "CVE-2008-4133"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2008-4325"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-34258"
      },
      {
        "date": "2015-04-16T17:54:00",
        "db": "BID",
        "id": "31050"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      },
      {
        "date": "2009-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-264"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2008-4133"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-264"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DIR-100 upper  Web In proxy service  Web Vulnerability bypassing restriction filters",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-003444"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-264"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2008-4133

Vulnerability from fkie_nvd - Published: 2008-09-19 17:15 - Updated: 2026-04-23 00:35

Severity ?

Summary

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html
cve@mitre.org	http://secunia.com/advisories/31767	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/4276
cve@mitre.org	http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808
cve@mitre.org	http://www.securityfocus.com/archive/1/496072/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/31050
cve@mitre.org	http://www.securitytracker.com/id?1020825
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44961
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31767	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4276
af854a3a-2127-422b-91ae-364da2661108	http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/496072/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31050
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020825
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44961

Impacted products

	Vendor	Product	Version
	d-link	dir-100	1.02
	d-link	dir-100	1.12

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:d-link:dir-100:1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "35434946-565C-4756-BB73-BD1A02566999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:d-link:dir-100:1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "866C86B9-9CE9-45CC-BECF-1B00869ABE14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters."
    },
    {
      "lang": "es",
      "value": "El servicio web proxy en el  D-Link DIR-100 con firmware 1.12 y anteriores no filtra de manera apropiada las peticiones web con URLs de mucha longitud, permite a atacantes remotos evitar los filtros de restricci\u00f3n web."
    }
  ],
  "id": "CVE-2008-4133",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-19T17:15:05.593",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31767"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4276"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31050"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020825"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-V8VP-MFX5-JP4X

Vulnerability from github – Published: 2022-05-02 00:07 – Updated: 2022-05-02 00:07

Details

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-19T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.",
  "id": "GHSA-v8vp-mfx5-jp4x",
  "modified": "2022-05-02T00:07:08Z",
  "published": "2022-05-02T00:07:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4133"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31767"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4276"
    },
    {
      "type": "WEB",
      "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31050"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020825"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-4133

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

Aliases

CVE-2008-4133

Aliases

CVE-2008-4133

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4133",
    "description": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.",
    "id": "GSD-2008-4133"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4133"
      ],
      "details": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.",
      "id": "GSD-2008-4133",
      "modified": "2023-12-13T01:22:59.301386Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-4133",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "31050",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31050"
          },
          {
            "name": "31767",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31767"
          },
          {
            "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html"
          },
          {
            "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808",
            "refsource": "MISC",
            "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
          },
          {
            "name": "4276",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/4276"
          },
          {
            "name": "dlink-dir100-webproxyfilter-security-bypass(44961)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961"
          },
          {
            "name": "1020825",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020825"
          },
          {
            "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:d-link:dir-100:1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:d-link:dir-100:1.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4133"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
            },
            {
              "name": "1020825",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020825"
            },
            {
              "name": "31767",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31767"
            },
            {
              "name": "4276",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4276"
            },
            {
              "name": "31050",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/31050"
            },
            {
              "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html"
            },
            {
              "name": "dlink-dir100-webproxyfilter-security-bypass(44961)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961"
            },
            {
              "name": "20080908 [scip_Advisory 3808] D-Link DIR-100 long url filter evasion",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-11T20:51Z",
      "publishedDate": "2008-09-19T17:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-4133 (GCVE-0-2008-4133)

VAR-200809-0058

FKIE_CVE-2008-4133

GHSA-V8VP-MFX5-JP4X

GSD-2008-4133

Tags

Sightings

Nomenclature