Search criteria
4 vulnerabilities found for dm500c by dreambox
VAR-200809-0222
Vulnerability from variot - Updated: 2023-12-18 12:58The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. The DreamBox DM500 series is an intelligent set-top box device. DreamBox DM500 incorrectly submits a URL request containing a directory traversal character. A remote attacker can exploit the vulnerability to view system file information in the application context. Dreambox is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Dreambox DM500C is vulnerable; other models may also be affected. DreamBox DM500 products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers (set-top box).Dreambox suffers from a file download vulnerability thru directory traversal with appending the '/' character in the HTTP GET method of the affected host address. The attacker can get to sensitive information like paid channel keys, usernames, passwords, config and plug-ins info, etc.Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Dreambox DM500 Long Requests Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA31650
VERIFY ADVISORY: http://secunia.com/advisories/31650/
CRITICAL: Not critical
IMPACT: DoS
WHERE:
From local network
OPERATING SYSTEM: Dreambox DM500 http://secunia.com/product/19701/
DESCRIPTION: Marc Ruef has reported a vulnerability in Dreambox DM500, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the web interface when processing overly long requests. This can be exploited to cause a DoS by sending malicious requests to a vulnerable device.
SOLUTION: Use a firewall or proxy to filter malicious requests.
PROVIDED AND/OR DISCOVERED BY: Marc Ruef, scip AG
ORIGINAL ADVISORY: http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200809-0222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dm500c",
"scope": null,
"trust": 1.4,
"vendor": "dreambox",
"version": null
},
{
"model": "dm500c",
"scope": "eq",
"trust": 1.0,
"vendor": "dreambox",
"version": "*"
},
{
"model": "multimedia dreambox dm500s",
"scope": null,
"trust": 0.9,
"vendor": "dream",
"version": null
},
{
"model": "multimedia dreambox dm500",
"scope": null,
"trust": 0.9,
"vendor": "dream",
"version": null
},
{
"model": "multimedia dreambox dm500+",
"scope": null,
"trust": 0.9,
"vendor": "dream",
"version": null
},
{
"model": "multimedia dreambox dm500hd",
"scope": null,
"trust": 0.9,
"vendor": "dream",
"version": null
},
{
"model": "multimedia dreambox dm500c",
"scope": null,
"trust": 0.3,
"vendor": "dream",
"version": null
},
{
"model": "multimedia dreambox dm800",
"scope": null,
"trust": 0.3,
"vendor": "dream",
"version": null
},
{
"model": "dreambox dm",
"scope": "eq",
"trust": 0.1,
"vendor": "dream multimedia",
"version": "dm500hd and dm500s"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2011-5013"
},
{
"db": "CNVD",
"id": "CNVD-2011-1870"
},
{
"db": "BID",
"id": "30919"
},
{
"db": "BID",
"id": "47844"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003408"
},
{
"db": "NVD",
"id": "CVE-2008-3936"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dreambox:dm500c:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3936"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Ruef",
"sources": [
{
"db": "BID",
"id": "30919"
}
],
"trust": 0.3
},
"cve": "CVE-2008-3936",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2008-3936",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-3936",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200809-092",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2011-5013",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2011-5013"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003408"
},
{
"db": "NVD",
"id": "CVE-2008-3936"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. The DreamBox DM500 series is an intelligent set-top box device. DreamBox DM500 incorrectly submits a URL request containing a directory traversal character. A remote attacker can exploit the vulnerability to view system file information in the application context. Dreambox is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected device, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. \nDreambox DM500C is vulnerable; other models may also be affected. DreamBox DM500 products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks. The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers (set-top box).Dreambox suffers from a file download vulnerability thru directory traversal with appending the \u0027/\u0027 character in the HTTP GET method of the affected host address. The attacker can get to sensitive information like paid channel keys, usernames, passwords, config and plug-ins info, etc.Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nDreambox DM500 Long Requests Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA31650\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31650/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nDreambox DM500\nhttp://secunia.com/product/19701/\n\nDESCRIPTION:\nMarc Ruef has reported a vulnerability in Dreambox DM500, which can\nbe exploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an error within the web interface\nwhen processing overly long requests. This can be exploited to cause\na DoS by sending malicious requests to a vulnerable device. \n\nSOLUTION:\nUse a firewall or proxy to filter malicious requests. \n\nPROVIDED AND/OR DISCOVERED BY:\nMarc Ruef, scip AG\n\nORIGINAL ADVISORY:\nhttp://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807\n\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3936"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003408"
},
{
"db": "CNVD",
"id": "CNVD-2011-1870"
},
{
"db": "BID",
"id": "30919"
},
{
"db": "BID",
"id": "47844"
},
{
"db": "ZSL",
"id": "ZSL-2011-5013"
},
{
"db": "PACKETSTORM",
"id": "69522"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/dreambox_fd.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2011-5013"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3936",
"trust": 2.7
},
{
"db": "BID",
"id": "30919",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "31650",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2008-2472",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1020784",
"trust": 1.6
},
{
"db": "SREASON",
"id": "4221",
"trust": 1.6
},
{
"db": "BID",
"id": "47844",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003408",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-1870",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20080829 [SCIP_ADVISORY 3807] DREAMBOX DM500 WEBSERVER LONG URL REQUEST DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "XF",
"id": "44788",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080829 [SCIP_ADVISORY 3807] DREAMBOX DM500 WEBSERVER LONG URL REQUEST DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200809-092",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "17279",
"trust": 0.1
},
{
"db": "XF",
"id": "67456",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101385",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2011-5013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69522",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2011-5013"
},
{
"db": "CNVD",
"id": "CNVD-2011-1870"
},
{
"db": "BID",
"id": "30919"
},
{
"db": "BID",
"id": "47844"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003408"
},
{
"db": "PACKETSTORM",
"id": "69522"
},
{
"db": "NVD",
"id": "CVE-2008-3936"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-092"
}
]
},
"id": "VAR-200809-0222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-1870"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-1870"
}
]
},
"last_update_date": "2023-12-18T12:58:50.320000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dream-multimedia-tv.de/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003408"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003408"
},
{
"db": "NVD",
"id": "CVE-2008-3936"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-august/064115.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31650"
},
{
"trust": 1.6,
"url": "http://securityreason.com/securityalert/4221"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/30919"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1020784"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/2472"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3936"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3936"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/47844/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44788"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495837/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2472"
},
{
"trust": 0.3,
"url": "http://www.dream-multimedia-tv.de/english/products_dm500.php"
},
{
"trust": 0.3,
"url": "/archive/1/495837"
},
{
"trust": 0.3,
"url": "http://www.dream-multimedia-tv.de"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/31650/"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.org/files/101385"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/17279/"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/47844"
},
{
"trust": 0.1,
"url": "http://securityreason.com/exploitalert/10427"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/67456"
},
{
"trust": 0.1,
"url": "http://www.vfocus.net/art/20110517/9000.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19701/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2011-5013"
},
{
"db": "CNVD",
"id": "CNVD-2011-1870"
},
{
"db": "BID",
"id": "30919"
},
{
"db": "BID",
"id": "47844"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003408"
},
{
"db": "PACKETSTORM",
"id": "69522"
},
{
"db": "NVD",
"id": "CVE-2008-3936"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2011-5013"
},
{
"db": "CNVD",
"id": "CNVD-2011-1870"
},
{
"db": "BID",
"id": "30919"
},
{
"db": "BID",
"id": "47844"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003408"
},
{
"db": "PACKETSTORM",
"id": "69522"
},
{
"db": "NVD",
"id": "CVE-2008-3936"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2011-5013"
},
{
"date": "2011-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1870"
},
{
"date": "2008-08-29T00:00:00",
"db": "BID",
"id": "30919"
},
{
"date": "2011-05-13T00:00:00",
"db": "BID",
"id": "47844"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003408"
},
{
"date": "2008-09-03T00:17:02",
"db": "PACKETSTORM",
"id": "69522"
},
{
"date": "2008-09-05T15:08:00",
"db": "NVD",
"id": "CVE-2008-3936"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-27T00:00:00",
"db": "ZSL",
"id": "ZSL-2011-5013"
},
{
"date": "2011-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1870"
},
{
"date": "2015-05-07T17:24:00",
"db": "BID",
"id": "30919"
},
{
"date": "2011-06-28T17:00:00",
"db": "BID",
"id": "47844"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003408"
},
{
"date": "2018-10-11T20:50:35.030000",
"db": "NVD",
"id": "CVE-2008-3936"
},
{
"date": "2009-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "30919"
},
{
"db": "BID",
"id": "47844"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dreambox DM500C of Web Service disruption at the interface (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003408"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-092"
}
],
"trust": 0.6
}
}
FKIE_CVE-2008-3936
Vulnerability from fkie_nvd - Published: 2008-09-05 15:08 - Updated: 2025-04-09 00:30
Severity ?
Summary
The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dreambox:dm500c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F08705D-5332-4EF5-A091-1DF9D5D3FAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI."
},
{
"lang": "es",
"value": "El interfaz web en Dreambox DM500C permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una URI larga."
}
],
"id": "CVE-2008-3936",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-05T15:08:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31650"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4221"
},
{
"source": "cve@mitre.org",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30919"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securitytracker.com/id?1020784"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2472"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securitytracker.com/id?1020784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-3936 (GCVE-0-2008-3936)
Vulnerability from cvelistv5 – Published: 2008-09-05 15:00 – Updated: 2024-08-07 10:00
VLAI?
Summary
The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:41.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dreambox-webinterface-dos(44788)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
},
{
"name": "1020784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020784"
},
{
"name": "ADV-2008-2472",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2472"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
},
{
"name": "31650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31650"
},
{
"name": "30919",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30919"
},
{
"name": "4221",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4221"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dreambox-webinterface-dos(44788)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
},
{
"name": "1020784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020784"
},
{
"name": "ADV-2008-2472",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2472"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
},
{
"name": "31650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31650"
},
{
"name": "30919",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30919"
},
{
"name": "4221",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4221"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dreambox-webinterface-dos(44788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
},
{
"name": "1020784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020784"
},
{
"name": "ADV-2008-2472",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2472"
},
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
},
{
"name": "31650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31650"
},
{
"name": "30919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30919"
},
{
"name": "4221",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4221"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3936",
"datePublished": "2008-09-05T15:00:00",
"dateReserved": "2008-09-05T00:00:00",
"dateUpdated": "2024-08-07T10:00:41.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3936 (GCVE-0-2008-3936)
Vulnerability from nvd – Published: 2008-09-05 15:00 – Updated: 2024-08-07 10:00
VLAI?
Summary
The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:41.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dreambox-webinterface-dos(44788)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
},
{
"name": "1020784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020784"
},
{
"name": "ADV-2008-2472",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2472"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
},
{
"name": "31650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31650"
},
{
"name": "30919",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30919"
},
{
"name": "4221",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4221"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dreambox-webinterface-dos(44788)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
},
{
"name": "1020784",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020784"
},
{
"name": "ADV-2008-2472",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2472"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
},
{
"name": "31650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31650"
},
{
"name": "30919",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30919"
},
{
"name": "4221",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4221"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dreambox-webinterface-dos(44788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
},
{
"name": "1020784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020784"
},
{
"name": "ADV-2008-2472",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2472"
},
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
},
{
"name": "31650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31650"
},
{
"name": "30919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30919"
},
{
"name": "4221",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4221"
},
{
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3936",
"datePublished": "2008-09-05T15:00:00",
"dateReserved": "2008-09-05T00:00:00",
"dateUpdated": "2024-08-07T10:00:41.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}