Search...

CVE-2004-2078

2004-02-09T05:00:00

ID CVE-2004-2078
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:31:00

Description

Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow.

JSON Vulners Source

Initial Source

{"id": "CVE-2004-2078", "bulletinFamily": "NVD", "title": "CVE-2004-2078", "description": "Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow.", "published": "2004-02-09T05:00:00", "modified": "2017-07-11T01:31:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2078", "reporter": "cve@mitre.org", "references": ["http://www.securiteam.com/securitynews/5SP0C0KC0A.html", "http://www.osvdb.org/3891", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15086", "http://secunia.com/advisories/10832", "http://marc.info/?l=full-disclosure&m=107635119005407&w=2", "http://genhex.org/releases/031003.txt", "http://securitytracker.com/id?1009001", "http://www.securityfocus.com/bid/9618", "http://www.securityfocus.com/archive/1/353211"], "cvelist": ["CVE-2004-2078"], "type": "cve", "lastseen": "2021-02-02T05:23:00", "edition": 4, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:3891"]}, {"type": "exploitdb", "idList": ["EDB-ID:23672"]}], "modified": "2021-02-02T05:23:00", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-02-02T05:23:00", "rev": 2}, "vulnersScore": 6.1}, "cpe": ["cpe:/h:red-m:red-alert:2.7.5_v3.1_build_24"], "affectedSoftware": [{"cpeName": "red-m:red-alert", "name": "red-m red-alert", "operator": "eq", "version": "2.7.5_v3.1_build_24"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:h:red-m:red-alert:2.7.5_v3.1_build_24:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:red-m:red-alert:2.7.5_v3.1_build_24:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "1009001", "refsource": "SECTRACK", "tags": ["Patch", "Vendor Advisory", "Exploit"], "url": "http://securitytracker.com/id?1009001"}, {"name": "3891", "refsource": "OSVDB", "tags": ["Vendor Advisory"], "url": "http://www.osvdb.org/3891"}, {"name": "redalert-long-request-dos(15086)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15086"}, {"name": "http://genhex.org/releases/031003.txt", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "http://genhex.org/releases/031003.txt"}, {"name": "20040209 Red-M Red-Alert Multiple Vulnerabilities", "refsource": "FULLDISC", "tags": [], "url": "http://marc.info/?l=full-disclosure&m=107635119005407&w=2"}, {"name": "20040209 Red-M Red-Alert Multiple Vulnerabilities", "refsource": "BUGTRAQ", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/353211"}, {"name": "http://www.securiteam.com/securitynews/5SP0C0KC0A.html", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "http://www.securiteam.com/securitynews/5SP0C0KC0A.html"}, {"name": "10832", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/10832"}, {"name": "9618", "refsource": "BID", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9618"}]}

{"osvdb": [{"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "cvelist": ["CVE-2004-2078"], "edition": 1, "description": "## Vulnerability Description\nRed-Alert contains a flaw that may allow a remote denial of service. The issue is triggered when a very long string is sent to port 80, and will result in loss of availability for the platform.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Red-M has released a patch to address this vulnerability.\n## Short Description\nRed-Alert contains a flaw that may allow a remote denial of service. The issue is triggered when a very long string is sent to port 80, and will result in loss of availability for the platform.\n## Manual Testing Notes\nperl -e 'print \"a\"x1230 . \"\\r\\n\\r\\n\"| nc <device ip> 80 \n## References:\nVendor URL: http://www.red-m.com/\nVendor URL: http://www.red-m.com\nSecurity Tracker: 1009001\n[Secunia Advisory ID:10832](https://secuniaresearch.flexerasoftware.com/advisories/10832/)\n[Related OSVDB ID: 3953](https://vulners.com/osvdb/OSVDB:3953)\n[Related OSVDB ID: 3952](https://vulners.com/osvdb/OSVDB:3952)\nOther Advisory URL: http://genhex.org/releases/031003.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0233.html\nISS X-Force ID: 15086\n[CVE-2004-2078](https://vulners.com/cve/CVE-2004-2078)\nBugtraq ID: 9618\n", "modified": "2004-02-08T07:08:46", "published": "2004-02-08T07:08:46", "href": "https://vulners.com/osvdb/OSVDB:3891", "id": "OSVDB:3891", "type": "osvdb", "title": "Red-Alert Long String DoS ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T21:32:14", "description": "Red-M Red-Alert 3.1 Remote Vulnerabilities. CVE-2004-2078. Dos exploit for hardware platform", "published": "2004-02-09T00:00:00", "type": "exploitdb", "title": "Red-M Red-Alert 3.1 - Remote Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-2078"], "modified": "2004-02-09T00:00:00", "id": "EDB-ID:23672", "href": "https://www.exploit-db.com/exploits/23672/", "sourceData": "source: http://www.securityfocus.com/bid/9618/info\r\n\r\nProblems in various abilities have been identified in the Red-M Red-Alert network monitors. Because of this issues, an attacker may be able to crash a vulnerable device and eliminate logs, gain unauthorized access to the administrative interface, or partially evade detection by an affected device.\r\n\r\n$ perl -e 'print \"a\"x1230 . \"\\r\\n\\r\\n\"| nc <device ip> 80", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/23672/"}]}