VOIP: Pingtel Xpressa Denial of Service

This signature detects attempts to exploit a known vulnerability in Pingtel Xpressa phones. Attackers can supply an overly long request to the HTTP management server on the phone to execute arbitrary code or crash the phone (the phone must be rebooted).

Extended Description

Pingtel Xpressa handsets are reported prone to a remote denial of service vulnerability. The issue reportedly exists because the Xpressa administration web server does not perform sufficient boundary checks on the HTTP request data it handles. A remote attacker may exploit this vulnerability to deny service to the affected handset. Due to the nature of the vulnerability, it is reported that it may also be exploited to execute arbitrary code.

Affected Products

Pingtel xpressa

Short Name
VOIP:MGMT:XPRESSA-HTTP-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
VOIP
Keywords
CVE-2004-1680 Denial Pingtel Service Xpressa bid:11161 of
Release Date
10/21/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Pingtel

CVSS Score

5.0
