PT-2007-4434 · Riverbed · Packetshaper

Published: 2007-06-11 · Updated: 2018-10-16 · CVE-2007-3151
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: PacketShaper versions 7.3.0g2 through 7.5.0g1
Description: The issue allows remote attackers to cause a denial of service, resulting in a device reboot. This is achieved by sending a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters to the 'rpttop.htm' page in the web management interface.
Recommendations: For PacketShaper versions 7.3.0g2 and 7.5.0g1, consider restricting access to the 'rpttop.htm' page in the web management interface until a fix is available. As a temporary workaround, avoid using empty values for the OP.MEAS.DATAQUERY and MEAS.TYPE parameters to minimize the risk of exploitation.

Related Identifiers: CVE-2007-3151
Affected Products: Packetshaper