Sign-up

ID

VAR-200903-0061


CVE

CVE-2008-6395


TITLE

3Com Wireless 8760 Dual-Radio 11a/b/g PoE HTTP POST Request Denial of Service Vulnerability

Trust: 0.9

sources: BID: 30988 // CNNVD: CNNVD-200903-060

DESCRIPTION

The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point is prone to a denial-of-service vulnerability. Successfully exploiting this issue will allow attackers to crash the affected application, denying service to legitimate users. SOLUTION: Restrict network access to the web management interface. PROVIDED AND/OR DISCOVERED BY: Brandon Shilling and r@b13$, Digital Defense, Inc. Vulnerability Research Team ORIGINAL ADVISORY: DDIVRT-2008-14: http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064226.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-6395 // JVNDB: JVNDB-2009-002900 // BID: 30988 // VULHUB: VHN-36520 // PACKETSTORM: 69672

AFFECTED PRODUCTS

vendor:3commodel:wireless 8760 dual-radioscope: - version: -

Trust: 1.4

vendor:3commodel:wireless 8760 dual-radioscope:eqversion:*

Trust: 1.0

vendor:3commodel:wireless dual-radio 11a/b/g poescope:eqversion:87600

Trust: 0.3

sources: BID: 30988 // JVNDB: JVNDB-2009-002900 // CNNVD: CNNVD-200903-060 // NVD: CVE-2008-6395

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-6395
value: HIGH

Trust: 1.0

NVD: CVE-2008-6395
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200903-060
value: HIGH

Trust: 0.6

VULHUB: VHN-36520
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-6395
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-36520
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-36520 // JVNDB: JVNDB-2009-002900 // CNNVD: CNNVD-200903-060 // NVD: CVE-2008-6395

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2009-002900 // NVD: CVE-2008-6395

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200903-060

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200903-060

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-002900

PATCH
title:Top Pageurl:http://h17007.www1.hp.com/us/en/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-002900

EXTERNAL IDS
db:NVDid:CVE-2008-6395
Trust: 2.8
db:BIDid:30988
Trust: 2.0
db:SECUNIAid:31714
Trust: 1.8
db:SECTRACKid:1020807
Trust: 1.7
db:JVNDBid:JVNDB-2009-002900
Trust: 0.8
db:XFid:3
Trust: 0.6
db:XFid:44890
Trust: 0.6
db:FULLDISCid:20080902 DDIVRT-2008-14 3COM WIRELESS 8760 DUAL RADIO 11A/B/G POE ACCESS POINT MALFORMED HTTP POST DOS
Trust: 0.6
db:CNNVDid:CNNVD-200903-060
Trust: 0.6
db:VULHUBid:VHN-36520
Trust: 0.1
db:PACKETSTORMid:69672
Trust: 0.1
sources:
            
            
            VULHUB: VHN-36520 // 
            
            
            
            BID: 30988 // 
            
            
            
            JVNDB: JVNDB-2009-002900 // 
            
            
            
            PACKETSTORM: 69672 // 
            
            
            
            CNNVD: CNNVD-200903-060 // 
            
            
            
            NVD: CVE-2008-6395

REFERENCES
url:http://lists.grok.org.uk/pipermail/full-disclosure/2008-september/064226.html
Trust: 1.8
url:http://www.securityfocus.com/bid/30988
Trust: 1.7
url:http://www.securitytracker.com/id?1020807
Trust: 1.7
url:http://secunia.com/advisories/31714
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/44890
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6395
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6395
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/44890
Trust: 0.6
url:http://seclists.org/fulldisclosure/2008/sep/0058.html
Trust: 0.3
url:http://www.3com.com/products/en_us/detail.jsp?pathtype=purchase&tab=features&sku=3crwe876075
Trust: 0.3
url:http://secunia.com/product/19748/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/31714/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/corporate/jobs/open_positions/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-36520 // 
            
            
            
            BID: 30988 // 
            
            
            
            JVNDB: JVNDB-2009-002900 // 
            
            
            
            PACKETSTORM: 69672 // 
            
            
            
            CNNVD: CNNVD-200903-060 // 
            
            
            
            NVD: CVE-2008-6395

CREDITS
Brandon Shilling
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200903-060

SOURCES
db:VULHUBid:VHN-36520
db:BIDid:30988
db:JVNDBid:JVNDB-2009-002900
db:PACKETSTORMid:69672
db:CNNVDid:CNNVD-200903-060
db:NVDid:CVE-2008-6395

LAST UPDATE DATE
2025-04-10T20:10:48.696000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-36520date:2017-08-17T00:00:00
db:BIDid:30988date:2015-05-07T17:24:00
db:JVNDBid:JVNDB-2009-002900date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200903-060date:2009-03-13T00:00:00
db:NVDid:CVE-2008-6395date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-36520date:2009-03-04T00:00:00
db:BIDid:30988date:2008-09-02T00:00:00
db:JVNDBid:JVNDB-2009-002900date:2012-06-26T00:00:00
db:PACKETSTORMid:69672date:2008-09-05T20:38:51
db:CNNVDid:CNNVD-200903-060date:2008-09-02T00:00:00
db:NVDid:CVE-2008-6395date:2009-03-04T17:30:02.407