Pingtel xpressa application.cgi denial of service
| xpressa-applicationcgi-dos (17346) |  Medium Risk |
Description:
Pingtel xpressa is vulnerable to a denial of service. An authenticated remote attacker could send a specially-crafted GET request containing 260 uppercase letter A's to the application.cgi script to cause the operating system to stop responding. The device must be restarted to gain normal functionality.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 9, 2011.
References:
- @stake Inc. Security Advisory A091304-2: Pingtel Xpressa Denial of Service.
- Pingtel Web site: Pingtel.
- BID-11161: Pingtel Xpressa Handset Remote Denial Of Service Vulnerability
- CVE-2004-1680: application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
- SA12523: Pingtel Xpressa HTTP Management Interface Denial of Service
Platforms Affected:
- Pingtel Pingtel xpressa PX-1 2.1.11.24
- Wind River VxWorks
Reported:
Sep 13, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net