Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17231
HistoryJun 11, 2007 - 12:00 a.m.

Packeteer PacketShaper Web Management Denial of Service

2007-06-1100:00:00
vulners.com
13
JSON

Packeteer PacketShaper Web Management Denial of Service

Critical: Less critical
Impact: DoS
Where: Local network

Product: Packeteer PacketShaper
http://www.packetshaper.com/

Packeteer PacketShaper is susceptible to a denial of service vulnerability in the web management interface. Requesting a specific URL will cause the device to reboot:

http://(target)/rpttop.htm?OP.MEAS.DATAQUERY=&MEAS.TYPE=

The user must first log in but even read-only "look" access is sufficient.

The vulnerability has been identified in version 7.3.0g2 and 7.5.0g1. However, other versions may be also affected.

Solution:
Restrict network access to the device management interfaces

Snort:
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS
(msg:"WEB-MISC PacketShaper DoS attempt"; flow:to_server,established;
uricontent:"/rpttop.htm"; pcre:"/MEAS\.TYPE=(?!(link|class)&)/U";
classtype:denial-of-service; sid:TBD; rev:1;)

Found by:
nnposter

JSON