SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Router/Bridge/Hub)  >  3Com Router Vendors:  3Com
3Com Wireless 8760 Access Point Web Interface Processing Bug Lets Remote Users Service
SecurityTracker Alert ID:  1020807
SecurityTracker URL:  http://securitytracker.com/id?1020807
CVE Reference:  CVE-2008-6395   (Links to External Site)
Updated:  Mar 14 2009
Original Entry Date:  Sep 3 2008
Impact:  Denial of service via network
Description:  A vulnerability was reported in the 3Com Wireless 8760 Access Point. A remote user can cause denial of service conditions.

A remote user can send a specially crafted HTTP POST request to the web interface of the target 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point device to cause the device to crash.

Brandon Shilling and r@b13$ of Digital Defense, Inc. Vulnerability Research Team reported this vulnerability.
Impact:  A remote user can cause the target device to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.3com.com/ (Links to External Site)
Cause:  Input validation error
Reported By:  "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert@ddifrontline.com>
Message History:   None.

 Source Message Contents
Date:  Tue, 2 Sep 2008 14:52:59 -0500
From:  "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert@ddifrontline.com>
Subject:  [Full-disclosure] DDIVRT-2008-14 3Com Wireless 8760 Dual Radio


 
Title
---------
DDIVRT-2008-14 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point
Malformed HTTP POST DoS

Severity
--------
Medium

Date Discovered
---------------
May 20, 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Brandon Shilling and r@b13$

Vulnerability Description
-------------------------
The 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point is an
enterprise-grade wireless access point.  The web management interface is
vulnerable to a DoS condition due to improper validation of malformed
HTTP POST requests.  Successful exploitation will result in a complete
DoS of the device.

Solution Description
--------------------
3Com has not addressed this issue at this time.  Digital Defense, Inc.
does not currently know of any work arounds for this flaw.

Tested Systems / Software (with versions)
------------------------------------------
Tested against 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point,
firmware unknown.  

Vendor Contact
--------------
Name: 3Com
Website: http://www.3com.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC