Packeteer PacketShaper Web Interface Remote Denial of Service Vulnerability
BID:24388
Info
Packeteer PacketShaper Web Interface Remote Denial of Service Vulnerability
| Bugtraq ID: | 24388 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-3151 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 08 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | nnposter discovered this issue. |
| Vulnerable: |
Packeteer PacketShaper 7.5.0g1 Packeteer PacketShaper 7.3.0g2 |
| Not Vulnerable: |
Packeteer PacketShaper 8.2.2 |
Discussion
Packeteer PacketShaper Web Interface Remote Denial of Service Vulnerability
Packeteer PacketShaper is prone to a remote denial-of-service vulnerability because the application's web interface fails to properly handle unexpected requests.
Successfully exploiting this issue allows remote, authenticated attackers to reboot affected devices, denying service to legitimate users.
PacketShaper 7.3.0g2 and 7.5.0g1 are vulnerable to this issue; other versions may also be affected.
Packeteer PacketShaper is prone to a remote denial-of-service vulnerability because the application's web interface fails to properly handle unexpected requests.
Successfully exploiting this issue allows remote, authenticated attackers to reboot affected devices, denying service to legitimate users.
PacketShaper 7.3.0g2 and 7.5.0g1 are vulnerable to this issue; other versions may also be affected.
Exploit / POC
Packeteer PacketShaper Web Interface Remote Denial of Service Vulnerability
Attackers can use a browser to exploit this issue.
The following example URI demonstrates this issue:
http://www.example.com/rpttop.htm?OP.MEAS.DATAQUERY=&MEAS.TYPE=
Attackers can use a browser to exploit this issue.
The following example URI demonstrates this issue:
http://www.example.com/rpttop.htm?OP.MEAS.DATAQUERY=&MEAS.TYPE=
Solution / Fix
Packeteer PacketShaper Web Interface Remote Denial of Service Vulnerability
Solution:
The vendor has addressed this issue in PacketShaper 8.2.2. Contact the vendor for details on obtaining and applying the appropriate updates.
Solution:
The vendor has addressed this issue in PacketShaper 8.2.2. Contact the vendor for details on obtaining and applying the appropriate updates.
References
Packeteer PacketShaper Web Interface Remote Denial of Service Vulnerability
References:
References: