ID CVE-2004-2691
Summary Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
References
Vulnerable Configurations
  • cpe:2.3:h:3com:3c17205-us:-:firmware_3.30
    cpe:2.3:h:3com:3c17205-us:-:firmware_3.30
  • cpe:2.3:h:3com:3c17210-us:-:firmware_3.30
    cpe:2.3:h:3com:3c17210-us:-:firmware_3.30
  • cpe:2.3:h:3com:superstack_3_switch:4400:firmware_3.30
    cpe:2.3:h:3com:superstack_3_switch:4400:firmware_3.30
  • cpe:2.3:h:3com:superstack_3_switch:4400_se:firmware_3.30
    cpe:2.3:h:3com:superstack_3_switch:4400_se:firmware_3.30
CVSS
Base: 7.1 (as of 09-10-2007 - 20:33)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
metasploit via4
description This module causes a temporary denial of service condition against 3Com SuperStack switches. By sending excessive data to the HTTP Management interface, the switch stops responding temporarily. The device does not reset. Tested successfully against a 3300SM firmware v2.66. Reported to affect versions prior to v2.72.
id MSF:AUXILIARY/DOS/HTTP/3COM_SUPERSTACK_SWITCH
last seen 2019-03-20
modified 2017-11-08
published 2009-07-01
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/3com_superstack_switch.rb
title 3Com SuperStack Switch Denial of Service
refmap via4
osvdb 7246
secunia 11934
xf 3com-superstack-mngmt-dos(16497)
Last major update 05-09-2008 - 16:44
Published 31-12-2004 - 00:00
Last modified 28-07-2017 - 21:29
Back to Top