Sign-up

ID

VAR-200212-0296


CVE

CVE-2002-1865


TITLE

Remote Denial of Service Attack Vulnerability in HTTP Servers Embedded in Wireless Access Points from Multiple Vendors

Trust: 0.6

sources: CNVD: CNVD-2002-3972

DESCRIPTION

Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header. HTTP service programs are embedded in wireless access point devices from multiple vendors.  The embedded HTTP service program in the wireless access point devices of multiple manufacturers does not handle the long HTTP requests correctly. Remote attackers can use this vulnerability to conduct denial of service attacks on wireless access devices.  An attacker can send a malformed HTTP request that contains the Host: field with too many strings, which can cause the device to stop responding to normal communications and cause a denial of service. A device restart is required to restore normal functionality.  Although not confirmed, it should be caused by a buffer overflow, and there may be an opportunity to execute arbitrary instructions on the system with the permissions of the WEB process. An attacker can exploit this vulnerability to cause the device to stop functioning. Although not yet confirmed, it has been speculated that this issue is a result of a buffer overflow

Trust: 1.8

sources: NVD: CVE-2002-1865 // CNVD: CNVD-2002-3972 // BID: 6090 // VULHUB: VHN-6248

AFFECTED PRODUCTS

vendor:d linkmodel:di-804scope:eqversion:4.68

Trust: 1.9

vendor:d linkmodel:dl-704scope:eqversion:2.56_b5

Trust: 1.6

vendor:d linkmodel:dl-704scope:eqversion:2.56_b6

Trust: 1.6

vendor:linksysmodel:wap11scope:eqversion:1.4

Trust: 1.3

vendor:linksysmodel:wap11scope:eqversion:1.3

Trust: 1.3

vendor:linksysmodel:befw11s4scope:eqversion:1.4.2.7

Trust: 1.3

vendor:linksysmodel:befw11s4scope:eqversion:1.37.9b

Trust: 1.0

vendor:linksysmodel:befw11s4scope:eqversion:1.42.7

Trust: 1.0

vendor:linksysmodel:befw11s4scope:eqversion:1.37.2

Trust: 1.0

vendor:linksysmodel:befw11s4scope:eqversion:1.40.3

Trust: 1.0

vendor:linksysmodel:befw11s4scope:eqversion:1.37.2b

Trust: 1.0

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:linksysmodel:etherfast befw11s4 wireless ap cable/dsl routerscope:eqversion:+1.42.7

Trust: 0.3

vendor:linksysmodel:etherfast befw11s4 wireless ap cable/dsl routerscope:eqversion:+1.40.3

Trust: 0.3

vendor:linksysmodel:etherfast befw11s4 wireless ap cable/dsl router bscope:eqversion:+1.37.9

Trust: 0.3

vendor:linksysmodel:etherfast befw11s4 wireless ap cable/dsl router bscope:eqversion:+1.37.2

Trust: 0.3

vendor:linksysmodel:etherfast befw11s4 wireless ap cable/dsl routerscope:eqversion:+1.37.2

Trust: 0.3

vendor:d linkmodel:dl-704 b6scope:eqversion:2.56

Trust: 0.3

vendor:d linkmodel:dl-704 b5scope:eqversion:2.56

Trust: 0.3

sources: CNVD: CNVD-2002-3972 // BID: 6090 // CNNVD: CNNVD-200212-477 // NVD: CVE-2002-1865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1865
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200212-477
value: MEDIUM

Trust: 0.6

VULHUB: VHN-6248
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-1865
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6248
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6248 // CNNVD: CNNVD-200212-477 // NVD: CVE-2002-1865

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1865

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-477

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 6090 // CNNVD: CNNVD-200212-477

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-6248

EXTERNAL IDS
db:NVDid:CVE-2002-1865
Trust: 2.3
db:BIDid:6090
Trust: 2.0
db:CNNVDid:CNNVD-200212-477
Trust: 0.7
db:CNVDid:CNVD-2002-3972
Trust: 0.6
db:NSFOCUSid:3765
Trust: 0.6
db:XFid:10537
Trust: 0.6
db:VULNWATCHid:20021101 RE: IDEFENSE DOS IN LINKSYS BEFSR41 ETHERFAST CABLE/DSL ROUTER + MORE ISSUES DLINK & LINKSYS
Trust: 0.6
db:SEEBUGid:SSVID-75793
Trust: 0.1
db:EXPLOIT-DBid:21978
Trust: 0.1
db:VULHUBid:VHN-6248
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2002-3972 // 
            
            
            
            VULHUB: VHN-6248 // 
            
            
            
            BID: 6090 // 
            
            
            
            CNNVD: CNNVD-200212-477 // 
            
            
            
            NVD: CVE-2002-1865

REFERENCES
url:http://www.securityfocus.com/bid/6090
Trust: 1.7
url:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0052.html
Trust: 1.7
url:http://www.iss.net/security_center/static/10537.php
Trust: 1.7
url:http://www.nsfocus.net/vulndb/3765
Trust: 0.6
url:http://www1.linksys.com/products/product.asp?grid=34&scid=29&prid=607
Trust: 0.3
url:http://www.linksys.com/products/group.asp?grid=23
Trust: 0.3
url:http://www.d-link.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-6248 // 
            
            
            
            BID: 6090 // 
            
            
            
            CNNVD: CNNVD-200212-477 // 
            
            
            
            NVD: CVE-2002-1865

CREDITS
Mark Litchfield※ mark@ngssoftware.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200212-477

SOURCES
db:CNVDid:CNVD-2002-3972
db:VULHUBid:VHN-6248
db:BIDid:6090
db:CNNVDid:CNNVD-200212-477
db:NVDid:CVE-2002-1865

LAST UPDATE DATE
2024-08-14T15:45:46.786000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2002-3972date:2002-11-01T00:00:00
db:VULHUBid:VHN-6248date:2008-09-05T00:00:00
db:BIDid:6090date:2002-11-01T00:00:00
db:CNNVDid:CNNVD-200212-477date:2005-10-20T00:00:00
db:NVDid:CVE-2002-1865date:2008-09-05T20:31:42.933

SOURCES RELEASE DATE
db:CNVDid:CNVD-2002-3972date:2002-11-01T00:00:00
db:VULHUBid:VHN-6248date:2002-12-31T00:00:00
db:BIDid:6090date:2002-11-01T00:00:00
db:CNNVDid:CNNVD-200212-477date:2002-11-01T00:00:00
db:NVDid:CVE-2002-1865date:2002-12-31T05:00:00