HP Procurve 4000M Switch设备复位服务拒绝漏洞

漏洞信息详情

HP Procurve 4000M Switch设备复位服务拒绝漏洞

• CNNVD编号：CNNVD-200210-248
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-1147
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2002-10-11
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2007-05-07
  
• 厂        商：
  
  hp
• 漏洞来源：
  Discovery credited…

带有堆码功能以及远程管理可用的HP Procurve 4000M Switch 固件C.09.16之前版本的HTTP管理界面不坚定复位设备的请求，远程攻击者可以借助到device_reset CGI程序的直接请求导致服务拒绝。

HP has issued an advisory. A temporary fix is available for download. The file, C_09_16.swi is available for download at the following location.
ftp://procurve:4000m1@hprc.external.hp.com/
or: ftp://procurve:4000m1@192.170.19.51/
file: C_09_16.swi
It should be noted that this is a temporary file and will be removed when a product upgrade is available. Further information is available in the referenced advisory.
HP Procurve Switch 2424M

• HP C_09_16.swi
  ftp://procurve:4000m1@hprc.external.hp.com/

HP Procurve Switch 4000M

• HP C_09_16.swi
  ftp://procurve:4000m1@hprc.external.hp.com/

HP Procurve Switch 2400M

• HP C_09_16.swi
  ftp://procurve:4000m1@hprc.external.hp.com/

HP Procurve Switch 1600M

• HP C_09_16.swi
  ftp://procurve:4000m1@hprc.external.hp.com/

HP Procurve Switch 8000M

• HP C_09_16.swi
  ftp://procurve:4000m1@hprc.external.hp.com/

来源: BUGTRAQ
名称: 20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103287951910420&w=2

来源: www.tech-serve.com
链接:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt

来源: BID
名称: 5784
链接:http://www.securityfocus.com/bid/5784

来源: XF
名称: hp-procurve-http-reset-dos(10172)
链接:http://www.iss.net/security_center/static/10172.php

来源: HP
名称: HPSBUX0209-219
链接:http://online.securityfocus.com/advisories/4501