CVE-2002-1147

Severity

71%

Complexity

86%

Confidentiality

115%

Successful exploitation requires that stacking features and remote administration are enabled.

The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.

Successful exploitation requires that stacking features and remote administration are enabled.

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).

Overview

First reported 22 years ago

2002-10-11 04:00:00

Last updated 8 years ago

2016-10-18 02:24:00

Affected Software

HP procurve switch 4000m

References

20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability

HPSBUX0209-219

Vendor Advisory

hp-procurve-http-reset-dos(10172)

Vendor Advisory

5784

http://www.tech-serve.com/research/advisories/2002/a092302-1.txt

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.