SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Device (Router/Bridge/Hub)  >   3Com Router Vendors:   3Com
3Com Wireless 8760 Access Point Web Interface Processing Bug Lets Remote Users Service
SecurityTracker Alert ID:  1020807
SecurityTracker URL:  http://securitytracker.com/id/1020807
CVE Reference:   CVE-2008-6395   (Links to External Site)
Updated:  Mar 14 2009
Original Entry Date:  Sep 3 2008
Impact:   Denial of service via network


Description:   A vulnerability was reported in the 3Com Wireless 8760 Access Point. A remote user can cause denial of service conditions.

A remote user can send a specially crafted HTTP POST request to the web interface of the target 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point device to cause the device to crash.

Brandon Shilling and r@b13$ of Digital Defense, Inc. Vulnerability Research Team reported this vulnerability.
Impact:   A remote user can cause the target device to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.3com.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  

Message History:   None.

 Source Message Contents
Date:  Tue, 2 Sep 2008 14:52:59 -0500
Subject:  [Full-disclosure] DDIVRT-2008-14 3Com Wireless 8760 Dual Radio

Title
---------
DDIVRT-2008-14 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point
Malformed HTTP POST DoS

Severity
--------
Medium

Date Discovered
---------------
May 20, 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Brandon Shilling and r@b13$

Vulnerability Description
-------------------------
The 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point is an
enterprise-grade wireless access point.  The web management interface is
vulnerable to a DoS condition due to improper validation of malformed
HTTP POST requests.  Successful exploitation will result in a complete
DoS of the device.

Solution Description
--------------------
3Com has not addressed this issue at this time.  Digital Defense, Inc.
does not currently know of any work arounds for this flaw.

Tested Systems / Software (with versions)
------------------------------------------
Tested against 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point,
firmware unknown.  

Vendor Contact
--------------
Name: 3Com
Website: http://www.3com.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC