ID

VAR-200803-0063


CVE

CVE-2008-1267


TITLE

Siemens SpeedStream 'basehelp_English.htm' HTTP Request Remote Denial Of Service Vulnerability

Trust: 0.8

sources: IVD: f4f5b0ee-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200803-145

DESCRIPTION

The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field. Siemens SpeedStream 6520 is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTTP requests. The request to basehelp_English.htm that triggers the crash carries a large integer in its Content-Length field.

TITLE: Siemens SpeedStream 6520 HTTP Request Processing Denial of Service
SECUNIA ADVISORY ID: SA29325
VERIFY ADVISORY: http://secunia.com/advisories/29325/
CRITICAL: Less critical
IMPACT: DoS
WHERE: From local network
OPERATING SYSTEM: Siemens SpeedStream 6520 http://secunia.com/product/18085/

DESCRIPTION: laurent has reported a vulnerability in Siemens SpeedStream 6520, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing HTTP requests containing an overly large "Content-Length" header. This can be exploited to cause the web service to crash via e.g. a specially crafted HTTP POST request.

SOLUTION: Restrict network access to the web service.

PROVIDED AND/OR DISCOVERED BY: laurent

ORIGINAL ADVISORY: http://www.gnucitizen.org/projects/router-hacking-challenge/

Trust: 2.25

sources: NVD: CVE-2008-1267 // JVNDB: JVNDB-2008-005570 // BID: 28490 // IVD: f4f5b0ee-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-31392 // PACKETSTORM: 64997

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: f4f5b0ee-2351-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor: siemens, model: speedstream 6520, scope: -, version: -

Trust: 1.4

vendor: siemens, model: speedstream 6520, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: speedstream, scope: eq, version: 65200

Trust: 0.3

vendor: speedstream 6520, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: f4f5b0ee-2351-11e6-abef-000c29c66e3d // BID: 28490 // JVNDB: JVNDB-2008-005570 // CNNVD: CNNVD-200803-145 // NVD: CVE-2008-1267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1267
value: HIGH

Trust: 1.0

NVD: CVE-2008-1267
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200803-145
value: HIGH

Trust: 0.6

IVD: f4f5b0ee-2351-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-31392
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-1267
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: f4f5b0ee-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-31392
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: f4f5b0ee-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-31392 // JVNDB: JVNDB-2008-005570 // CNNVD: CNNVD-200803-145 // NVD: CVE-2008-1267

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-31392 // JVNDB: JVNDB-2008-005570 // NVD: CVE-2008-1267

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-145

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200803-145

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-005570

PATCH

title: Top Page, url: http://gigaset.com/

Trust: 0.8

sources: JVNDB: JVNDB-2008-005570

EXTERNAL IDS

db: NVD, id: CVE-2008-1267

Trust: 3.0

db: BID, id: 28490

Trust: 2.0

db: SECUNIA, id: 29325

Trust: 1.8

db: CNNVD, id: CNNVD-200803-145

Trust: 0.9

db: JVNDB, id: JVNDB-2008-005570

Trust: 0.8

db: BUGTRAQ, id: 20080301 THE ROUTER HACKING CHALLENGE IS OVER!

Trust: 0.6

db: XF, id: 41123

Trust: 0.6

db: IVD, id: F4F5B0EE-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-31392

Trust: 0.1

db: PACKETSTORM, id: 64997

Trust: 0.1

sources: IVD: f4f5b0ee-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-31392 // BID: 28490 // JVNDB: JVNDB-2008-005570 // PACKETSTORM: 64997 // CNNVD: CNNVD-200803-145 // NVD: CVE-2008-1267

REFERENCES

url:http://www.gnucitizen.org/projects/router-hacking-challenge/

Trust: 2.1

url:http://www.securityfocus.com/bid/28490

Trust: 1.7

url:http://secunia.com/advisories/29325

Trust: 1.7

url:http://www.securityfocus.com/archive/1/489009/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41123

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1267

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1267

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/41123

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded

Trust: 0.6

url:http://gigaset.siemens.com/shc/0,1935,hq_en_0_147070_rarnrnrnrn,00.html

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/advisories/29325/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/18085/

Trust: 0.1

sources: VULHUB: VHN-31392 // BID: 28490 // JVNDB: JVNDB-2008-005570 // PACKETSTORM: 64997 // CNNVD: CNNVD-200803-145 // NVD: CVE-2008-1267

CREDITS

laurent

Trust: 0.9

sources: BID: 28490 // CNNVD: CNNVD-200803-145

SOURCES

db: IVD, id: f4f5b0ee-2351-11e6-abef-000c29c66e3d
db: VULHUB, id: VHN-31392
db: BID, id: 28490
db: JVNDB, id: JVNDB-2008-005570
db: PACKETSTORM, id: 64997
db: CNNVD, id: CNNVD-200803-145
db: NVD, id: CVE-2008-1267

LAST UPDATE DATE

2025-04-10T21:31:01.640000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-31392, date: 2018-10-11T00:00:00
db: BID, id: 28490, date: 2008-03-28T16:19:00
db: JVNDB, id: JVNDB-2008-005570, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200803-145, date: 2008-09-05T00:00:00
db: NVD, id: CVE-2008-1267, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: IVD, id: f4f5b0ee-2351-11e6-abef-000c29c66e3d, date: 2008-03-10T00:00:00
db: VULHUB, id: VHN-31392, date: 2008-03-10T00:00:00
db: BID, id: 28490, date: 2008-03-28T00:00:00
db: JVNDB, id: JVNDB-2008-005570, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 64997, date: 2008-03-29T19:46:13
db: CNNVD, id: CNNVD-200803-145, date: 2008-03-10T00:00:00
db: NVD, id: CVE-2008-1267, date: 2008-03-10T17:44:00