Lucene search

[email protected]CVE-2008-1311

HistoryMar 12, 2008 - 5:44 p.m.

CVE-2008-1311

2008-03-1217:44:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-1311

tftp server

packettrap pt360 tool suite pro

denial of service

remote attackers

cve

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

High

0.606 Medium

EPSS

Percentile

97.8%

JSON

The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) ‘|’ (pipe), (2) ‘"’ (quotation mark), or (3) “<>” (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312.

Affected configurations

NVD

Node

packettrappt360_tool_suite_proRange≤2.0.3901.0

CPENameOperatorVersion
packettrap:pt360_tool_suite_propackettrap pt360 tool suite prole2.0.3901.0

CPE	Name	Operator	Version
packettrap:pt360_tool_suite_pro	packettrap pt360 tool suite pro	le	2.0.3901.0

References

aluigi.altervista.org/adv/packettrash-adv.txt

aluigi.org/testz/tftpx.zip

secunia.com/advisories/29308

securityreason.com/securityalert/3734

www.securityfocus.com/archive/1/489355/100/0/threaded

www.securityfocus.com/bid/28187

www.vupen.com/english/advisories/2008/0811/references

exchange.xforce.ibmcloud.com/vulnerabilities/41073

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.7 Medium

AI Score

Confidence

High

0.606 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2008-1311

nvd2 prion2 cvelist2 cve1 nessus1