CERTA-2007-AVI-023

Vulnerability from certfr_avis - Published: 2007-01-10 - Updated: 2007-01-10

Une vulnérabilité de l'interface web permet à un utilisateur malveillant de provoquer un déni de service à distance.

Description

Packeteer PacketShaper 9500/ISP est un gestionnaire de bande passante. Il dispose d'une interface web. L'utilisation d'une requête d'une longueur élevée sur cette interface peut provoquer le redémarrage ou l'arrêt du système et provoquer ainsi un déni de service.

Contournement provisoire

Filtrer les requêtes HTTP à destination du système et n'autoriser l'accès qu'aux utilisateurs de confiance.

Packeteer PacketShaper 9500/ISP sous PacketWise 8.x.

Impacted products
Vendor Product Description
References
Bulletin Secunia SA23685 None vendor-advisory

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003ePacketeer  PacketShaper 9500/ISP\u003c/SPAN\u003e sous \u003cSPAN class=\"textit\"\u003ePacketWise  8.x\u003c/SPAN\u003e.",
  "content": "## Description\n\nPacketeer PacketShaper 9500/ISP est un gestionnaire de bande passante.\nIl dispose d\u0027une interface web. L\u0027utilisation d\u0027une requ\u00eate d\u0027une\nlongueur \u00e9lev\u00e9e sur cette interface peut provoquer le red\u00e9marrage ou\nl\u0027arr\u00eat du syst\u00e8me et provoquer ainsi un d\u00e9ni de service.\n\n## Contournement provisoire\n\nFiltrer les requ\u00eates HTTP \u00e0 destination du syst\u00e8me et n\u0027autoriser\nl\u0027acc\u00e8s qu\u0027aux utilisateurs de confiance.\n",
  "cves": [],
  "initial_release_date": "2007-01-10T00:00:00",
  "last_revision_date": "2007-01-10T00:00:00",
  "links": [],
  "reference": "CERTA-2007-AVI-023",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de l\u0027interface web permet \u00e0 un utilisateur malveillant\nde provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de PacketShaper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Secunia SA23685",
      "url": "http://secunia.com/advisories/23685"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.