发布时间 :2003-12-31 00:00:00
修订时间 :2017-07-10 21:29:43

[原文]The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.

[CNNVD]Thomson Cable Modem远程拒绝服务攻击漏洞(CNNVD-200312-257)

        Thomson TCM315是宽带有线MODEM设备。
        Thomson TCM315包含的HTTP接口对超长请求缺少正确处理,远程攻击者可以利用这个漏洞进行拒绝服务攻击。
        发送包含超长字符串的HTTP请求给Thomson TCM315 Modem,可导致设备崩溃,停止正常响应。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  FULLDISC  20031123 Thomnson TCM315 Denial of service
(UNKNOWN)  FULLDISC  20031124 Thomnson TCM315 Denial of service
(UNKNOWN)  BUGTRAQ  20050219 Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability
(UNKNOWN)  FULLDISC  20050219 Thomson TCW690 Denial Of Service Vulnerability
(UNKNOWN)  BUGTRAQ  20031123 Thomnson TCM315 Denial of service
(UNKNOWN)  BID  9091
(UNKNOWN)  XF  thomson-http-get-dos(13815)

- 漏洞信息

Thomson Cable Modem远程拒绝服务攻击漏洞
中危 边界条件错误
2003-12-31 00:00:00 2005-10-20 00:00:00
        Thomson TCM315是宽带有线MODEM设备。
        Thomson TCM315包含的HTTP接口对超长请求缺少正确处理,远程攻击者可以利用这个漏洞进行拒绝服务攻击。
        发送包含超长字符串的HTTP请求给Thomson TCM315 Modem,可导致设备崩溃,停止正常响应。

- 公告与补丁


- 漏洞信息

Thomson TCW690 Cable Modem Long GET Request DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

Thomson TCW690 Cable Modem contains a flaw that may allow a remote denial of service. The issue is triggered when an overly long HTTP request (greater than 2000 bytes) is sent to the modem's HTTP server interface, and will result in loss of availability for the platform.

- 时间线

2005-02-19 2005-02-07
2005-02-19 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

Thomson Cable Modem Remote Denial Of Service Vulnerability
Boundary Condition Error 9091
Yes No
2003-11-24 12:00:00 2009-07-12 12:56:00
Discovery credited to Andrés Tarascó.

- 受影响的程序版本

Thomson TCW690 Cable Modem ST42.03.0a
Thomson TCW 690 Cable Modem
Thomson TCM 315 Cable Modem
Thomson TCM 305 Cable Modem

- 漏洞讨论

A problem has been identified in Thomson Cable Modems when handling long requests on the HTTP port. Because of this, it may be possible for an attacker to deny service to legitimate users of the device.

- 漏洞利用

The following exploit was contributed by Administrador de ShellSec:

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 相关参考