ID

VAR-200903-0035


CVE

CVE-2008-6497


TITLE

Neostrada Livebox ADSL Router HTTP Request Denial of Service Vulnerability

Trust: 0.9

sources: BID: 32696 // CNNVD: CNNVD-200903-334

DESCRIPTION

The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI. Neostrada Livebox ADSL Router is prone to a denial-of-service vulnerability because it fails to adequately handle malformed HTTP requests. Successful exploits will deny service to legitimate users. Given the nature of this issue, remote code execution may be possible, but this has not been confirmed. Neostrada Livebox ADSL Router is a household ADSL access router provided by Polish telecom operators.

----------------------------------------------------------------------

TITLE: Livebox TP Router HTTP Processing Denial of Service

SECUNIA ADVISORY ID: SA33026

VERIFY ADVISORY: http://secunia.com/advisories/33026/

CRITICAL: Less critical

IMPACT: DoS

WHERE: From local network

OPERATING SYSTEM: Livebox TP Router http://secunia.com/advisories/product/17862/

DESCRIPTION: 0in has reported a vulnerability in Livebox TP Router, which can be exploited by malicious people to cause a DoS (Denial of Service).

SOLUTION: Restrict HTTP access to trusted users only.

PROVIDED AND/OR DISCOVERED BY: 0in

ORIGINAL ADVISORY: http://milw0rm.com/exploits/7387

Trust: 2.07

sources: NVD: CVE-2008-6497 // JVNDB: JVNDB-2009-005495 // BID: 32696 // VULHUB: VHN-36622 // PACKETSTORM: 72937

AFFECTED PRODUCTS

vendor: tp, model: neostrada livebox adsl router, scope: eq, version: -

Trust: 1.6

vendor: tp, model: neostrada livebox adsl router, scope: -, version: -

Trust: 0.8

vendor: telekomunikacja, model: polska neostrada livebox adsl router, scope: eq, version: 0

Trust: 0.3

sources: BID: 32696 // JVNDB: JVNDB-2009-005495 // CNNVD: CNNVD-200903-334 // NVD: CVE-2008-6497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-6497
value: HIGH

Trust: 1.0

NVD: CVE-2008-6497
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200903-334
value: HIGH

Trust: 0.6

VULHUB: VHN-36622
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-6497
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-36622
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-36622 // JVNDB: JVNDB-2009-005495 // CNNVD: CNNVD-200903-334 // NVD: CVE-2008-6497

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-36622 // JVNDB: JVNDB-2009-005495 // NVD: CVE-2008-6497

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200903-334

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200903-334

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-005495

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-36622

PATCH

title: Top Page, url: http://www.orange.pl/

Trust: 0.8

sources: JVNDB: JVNDB-2009-005495

EXTERNAL IDS

db: NVD, id: CVE-2008-6497

Trust: 2.5

db: BID, id: 32696

Trust: 2.0

db: SECUNIA, id: 33026

Trust: 1.9

db: EXPLOIT-DB, id: 7387

Trust: 1.8

db: OSVDB, id: 50673

Trust: 1.7

db: JVNDB, id: JVNDB-2009-005495

Trust: 0.8

db: BUGTRAQ, id: 20081208 NEOSTRADA LIVEBOX REMOTE NETWORK DOWN POC EXPLOIT

Trust: 0.6

db: XF, id: 47183

Trust: 0.6

db: MILW0RM, id: 7387

Trust: 0.6

db: CNNVD, id: CNNVD-200903-334

Trust: 0.6

db: VULHUB, id: VHN-36622

Trust: 0.1

db: PACKETSTORM, id: 72937

Trust: 0.1

sources: VULHUB: VHN-36622 // BID: 32696 // JVNDB: JVNDB-2009-005495 // PACKETSTORM: 72937 // CNNVD: CNNVD-200903-334 // NVD: CVE-2008-6497

REFERENCES

url:http://www.securityfocus.com/bid/32696

Trust: 1.7

url:http://osvdb.org/50673

Trust: 1.7

url:http://secunia.com/advisories/33026

Trust: 1.7

url:http://www.securityfocus.com/archive/1/499010/100/0/threaded

Trust: 1.1

url:https://www.exploit-db.com/exploits/7387

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/47183

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6497

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6497

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/47183

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/499010/100/0/threaded

Trust: 0.6

url:http://www.milw0rm.com/exploits/7387

Trust: 0.6

url:http://www.tp.pl/

Trust: 0.3

url:/archive/1/499010

Trust: 0.3

url:http://secunia.com/advisories/product/17862/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://milw0rm.com/exploits/7387

Trust: 0.1

url:http://secunia.com/advisories/33026/

Trust: 0.1

sources: VULHUB: VHN-36622 // BID: 32696 // JVNDB: JVNDB-2009-005495 // PACKETSTORM: 72937 // CNNVD: CNNVD-200903-334 // NVD: CVE-2008-6497

CREDITS

0in

Trust: 0.9

sources: BID: 32696 // CNNVD: CNNVD-200903-334

SOURCES

db: VULHUB, id: VHN-36622
db: BID, id: 32696
db: JVNDB, id: JVNDB-2009-005495
db: PACKETSTORM, id: 72937
db: CNNVD, id: CNNVD-200903-334
db: NVD, id: CVE-2008-6497

LAST UPDATE DATE

2025-04-10T23:05:15.283000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-36622, date: 2018-10-11T00:00:00
db: BID, id: 32696, date: 2008-12-11T18:31:00
db: JVNDB, id: JVNDB-2009-005495, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200903-334, date: 2009-03-20T00:00:00
db: NVD, id: CVE-2008-6497, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-36622, date: 2009-03-20T00:00:00
db: BID, id: 32696, date: 2008-12-08T00:00:00
db: JVNDB, id: JVNDB-2009-005495, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 72937, date: 2008-12-12T12:41:57
db: CNNVD, id: CNNVD-200903-334, date: 2009-03-20T00:00:00
db: NVD, id: CVE-2008-6497, date: 2009-03-20T00:30:00.453