Pingtel Xpressa 1.2.x/2.0/2.1 - Handset Remote Denial of Service

EDB-ID:

24592

CVE:

N/A


Author:

@stake

Type:

dos


Platform:

Multiple

Date:

2004-09-13


source: https://www.securityfocus.com/bid/11161/info

Pingtel Xpressa handsets are reported prone to a remote denial of service vulnerability. The issue is reported to exist because of a lack of sufficient boundary checks performed on HTTP request data handled by the Xpressa administration web server. 

It is reported that a remote attacker may exploit this vulnerability to effectively deny service to the affected handset. Due to the nature of this vulnerability, it is reported that this issue may be exploited in order to execute arbitrary code.

GET /<buffer>/cgi/application.cgi HTTP/1.0
Authorization: Basic [base64authstring]