Details of VAR-200312-0278

ID

VAR-200312-0278

CVE

CVE-2003-1085

TITLE

Thomson Cable Modem Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-257

DESCRIPTION

The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow. A problem has been identified in Thomson Cable Modems when handling long requests on the HTTP port. Because of this, it may be possible for an attacker to deny service to legitimate users of the device. Thomson TCM315 is a broadband wired MODEM device

Trust: 1.26

sources: NVD: CVE-2003-1085 // BID: 9091 // VULHUB: VHN-7910

AFFECTED PRODUCTS

vendor:	thomson	model:	tcw cable modem	scope:	eq	version:	690	Trust: 0.9
vendor:	thomson	model:	tcm cable modem	scope:	eq	version:	315	Trust: 0.9
vendor:	thomson	model:	tcm cable modem	scope:	eq	version:	305	Trust: 0.9
vendor:	thomson	model:	tcw cable modem	scope:	eq	version:	690_st42.03.0a	Trust: 0.6
vendor:	thomson	model:	tcw690 cable modem st42.03.0a	scope:	-	version:	-	Trust: 0.3

sources: BID: 9091 // CNNVD: CNNVD-200312-257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1085
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200312-257
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-7910
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1085
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7910
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7910 // CNNVD: CNNVD-200312-257 // NVD: CVE-2003-1085

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1085

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-257

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 9091 // CNNVD: CNNVD-200312-257

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-7910

EXTERNAL IDS

db:	BID	id:	9091	Trust: 2.0
db:	NVD	id:	CVE-2003-1085	Trust: 2.0
db:	SECUNIA	id:	10286	Trust: 1.7
db:	SECUNIA	id:	14353	Trust: 1.7
db:	CNNVD	id:	CNNVD-200312-257	Trust: 0.7
db:	XF	id:	13815	Trust: 0.6
db:	FULLDISC	id:	20031124 THOMNSON TCM315 DENIAL OF SERVICE	Trust: 0.6
db:	FULLDISC	id:	20031123 THOMNSON TCM315 DENIAL OF SERVICE	Trust: 0.6
db:	FULLDISC	id:	20050219 THOMSON TCW690 DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20031123 THOMNSON TCM315 DENIAL OF SERVICE	Trust: 0.6
db:	BUGTRAQ	id:	20050219 RE: [FULL-DISCLOSURE] THOMSON TCW690 DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	NSFOCUS	id:	5724	Trust: 0.6
db:	EXPLOIT-DB	id:	25124	Trust: 0.1
db:	SEEBUG	id:	SSVID-78791	Trust: 0.1
db:	VULHUB	id:	VHN-7910	Trust: 0.1

sources: VULHUB: VHN-7910 // BID: 9091 // CNNVD: CNNVD-200312-257 // NVD: CVE-2003-1085

REFERENCES

url:	http://www.securityfocus.com/bid/9091	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/345414	Trust: 1.7
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2003-november/014062.html	Trust: 1.7
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2003-november/014068.html	Trust: 1.7
url:	http://www.shellsec.net/leer_advisory.php?id=2	Trust: 1.7
url:	http://secunia.com/advisories/10286	Trust: 1.7
url:	http://secunia.com/advisories/14353	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/13815	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=110888093214678&w=2	Trust: 1.0
url:	http://marc.info/?l=full-disclosure&m=110880725322192&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/13815	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=full-disclosure&m=110880725322192&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=110888093214678&w=2	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/5724	Trust: 0.6
url:	http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/2826.html	Trust: 0.3
url:	/archive/1/345414	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=110888093214678&w=2	Trust: 0.1
url:	http://marc.info/?l=full-disclosure&m=110880725322192&w=2	Trust: 0.1

sources: VULHUB: VHN-7910 // BID: 9091 // CNNVD: CNNVD-200312-257 // NVD: CVE-2003-1085

CREDITS

Andrés Tarascó※ admin@shellsec.net

Trust: 0.6

sources: CNNVD: CNNVD-200312-257

SOURCES

db:	VULHUB	id:	VHN-7910
db:	BID	id:	9091
db:	CNNVD	id:	CNNVD-200312-257
db:	NVD	id:	CVE-2003-1085

LAST UPDATE DATE

2024-08-14T14:29:29.557000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7910	date:	2017-07-11T00:00:00
db:	BID	id:	9091	date:	2009-07-12T00:56:00
db:	CNNVD	id:	CNNVD-200312-257	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-1085	date:	2017-07-11T01:29:43.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7910	date:	2003-12-31T00:00:00
db:	BID	id:	9091	date:	2003-11-24T00:00:00
db:	CNNVD	id:	CNNVD-200312-257	date:	2003-11-24T00:00:00
db:	NVD	id:	CVE-2003-1085	date:	2003-12-31T05:00:00