CVE-2003-1085
CVSS 5.0
Published: 2003-12-31 00:00:00
Last revised: 2016-10-17 22:39:15

[Original] The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.


[CNNVD] Thomson Cable Modem Remote Denial-of-Service Vulnerability (CNNVD-200312-257)

        
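        The Thomson TCM315 is a broadband cable modem.
        The HTTP interface of the Thomson TCM315 does not correctly handle overly long requests, and a remote attacker can exploit this vulnerability to carry out a denial-of-service attack.
        Sending an HTTP request containing an overly long string to the Thomson TCM315 modem can cause the device to crash and stop responding normally.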
        

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

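- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links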

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1085
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1085
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-257
(Official data source) CNNVD

- Other Links and Resources

http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014062.html
(UNKNOWN)  FULLDISC  20031123 Thomnson TCM315 Denial of service
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014068.html
(UNKNOWN)  FULLDISC  20031124 Thomnson TCM315 Denial of service
http://marc.info/?l=bugtraq&m=110888093214678&w=2
(UNKNOWN)  BUGTRAQ  20050219 Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability
http://marc.info/?l=full-disclosure&m=110880725322192&w=2
(UNKNOWN)  FULLDISC  20050219 Thomson TCW690 Denial Of Service Vulnerability
http://www.securityfocus.com/archive/1/345414
(UNKNOWN)  BUGTRAQ  20031123 Thomnson TCM315 Denial of service
http://www.securityfocus.com/bid/9091
(UNKNOWN)  BID  9091
http://www.shellsec.net/leer_advisory.php?id=2
(UNKNOWN)  MISC  http://www.shellsec.net/leer_advisory.php?id=2
http://xforce.iss.net/xforce/xfdb/13815
(UNKNOWN)  XF  thomson-http-get-dos(13815)

- Vulnerability Information

Thomson Cable Modem Remote Denial-of-Service Vulnerability
Medium risk  Boundary condition error
2003-12-31 00:00:00 2005-10-20 00:00:00
Remote
        
        

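- Advisories and Patches

        Vendor patch:
        Thomson
        -------
        The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:

        http://www.qb.ro/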

- Vulnerability Information

14022
Thomson TCW690 Cable Modem Long GET Request DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability Description

Thomson TCW690 Cable Modem contains a flaw that may allow a remote denial of service. The issue is triggered when an overly long HTTP request (greater than 2000 bytes) is sent to the modem's HTTP server interface, and will result in loss of availability for the platform.

- Timeline

2005-02-19 2005-02-07
2005-02-19 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related References

- Vulnerability Credit

- Vulnerability Information

Thomson Cable Modem Remote Denial Of Service Vulnerability
Boundary Condition Error 9091
Yes No
2003-11-24 12:00:00 2009-07-12 12:56:00
Discovery credited to Andrés Tarascó.

- Affected Program Versions

Thomson TCW690 Cable Modem ST42.03.0a
Thomson TCW 690 Cable Modem
Thomson TCM 315 Cable Modem
Thomson TCM 305 Cable Modem

- Vulnerability Discussion

A problem has been identified in Thomson Cable Modems when handling long requests on the HTTP port. Because of this, it may be possible for an attacker to deny service to legitimate users of the device.

- Exploit

The following exploit was contributed by Administrador de ShellSec:

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related References
