CERTA-2007-AVI-023
Vulnerability from certfr_avis

Une vulnérabilité de l'interface web permet à un utilisateur malveillant de provoquer un déni de service à distance.

Description

Packeteer PacketShaper 9500/ISP est un gestionnaire de bande passante. Il dispose d'une interface web. L'utilisation d'une requête d'une longueur élevée sur cette interface peut provoquer le redémarrage ou l'arrêt du système et provoquer ainsi un déni de service.

Contournement provisoire

Filtrer les requêtes HTTP à destination du système et n'autoriser l'accès qu'aux utilisateurs de confiance.

Packeteer PacketShaper 9500/ISP sous PacketWise 8.x.

Impacted products
Vendor Product Description
References
Bulletin Secunia SA23685 None vendor-advisory

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003ePacketeer  PacketShaper 9500/ISP\u003c/SPAN\u003e sous \u003cSPAN class=\"textit\"\u003ePacketWise  8.x\u003c/SPAN\u003e.",
  "content": "## Description\n\nPacketeer PacketShaper 9500/ISP est un gestionnaire de bande passante.\nIl dispose d\u0027une interface web. L\u0027utilisation d\u0027une requ\u00eate d\u0027une\nlongueur \u00e9lev\u00e9e sur cette interface peut provoquer le red\u00e9marrage ou\nl\u0027arr\u00eat du syst\u00e8me et provoquer ainsi un d\u00e9ni de service.\n\n## Contournement provisoire\n\nFiltrer les requ\u00eates HTTP \u00e0 destination du syst\u00e8me et n\u0027autoriser\nl\u0027acc\u00e8s qu\u0027aux utilisateurs de confiance.\n",
  "cves": [],
  "initial_release_date": "2007-01-10T00:00:00",
  "last_revision_date": "2007-01-10T00:00:00",
  "links": [],
  "reference": "CERTA-2007-AVI-023",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de l\u0027interface web permet \u00e0 un utilisateur malveillant\nde provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de PacketShaper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Secunia SA23685",
      "url": "http://secunia.com/advisories/23685"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.