| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2571D31D42513640AE1632FEE100E0E40246F1F6@hypercom.defense.local> Date: Tue, 2 Sep 2008 14:52:59 -0500 From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert@...frontline.com> To: <vuln@...unia.com>, <full-disclosure@...ts.grok.org.uk> Subject: DDIVRT-2008-14 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point Malformed HTTP POST DoS Title --------- DDIVRT-2008-14 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point Malformed HTTP POST DoS Severity -------- Medium Date Discovered --------------- May 20, 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Brandon Shilling and r@...$ Vulnerability Description ------------------------- The 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point is an enterprise-grade wireless access point. The web management interface is vulnerable to a DoS condition due to improper validation of malformed HTTP POST requests. Successful exploitation will result in a complete DoS of the device. Solution Description -------------------- 3Com has not addressed this issue at this time. Digital Defense, Inc. does not currently know of any work arounds for this flaw. Tested Systems / Software (with versions) ------------------------------------------ Tested against 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point, firmware unknown. Vendor Contact -------------- Name: 3Com Website: http://www.3com.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists