CVE-2008-4403 - OpenCVE

The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Trend Micro	Officescan

Configuration 1 [-]

OR	cpe:2.3:a:trend_micro:officescan:8.0:sp1::::::
	cpe:2.3:a:trend_micro:officescan:8.0:sp1_patch1::::::

References

Link	Resource
http://secunia.com/advisories/32097	Vendor Advisory
http://www.securityfocus.com/bid/31531
http://www.securitytracker.com/id?1020974
http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt
http://www.vupen.com/english/advisories/2008/2712
https://exchange.xforce.ibmcloud.com/vulnerabilities/45599

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-03T15:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-10-03T00:00:00

Link: CVE-2008-4403

JSON object: View

NVD Information

Status : Modified

Published: 2008-10-03T15:07:10.807

Modified: 2017-08-08T01:32:37.233

Link: CVE-2008-4403

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the \"error handling mechanism.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "31531", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31531"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"}, {"name": "32097", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32097"}, {"name": "1020974", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020974"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"}, {"name": "ADV-2008-2712", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2712"}, {"name": "trendmicro-officescan-cgi-unspecified-bo(45599)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4403", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the \"error handling mechanism.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "31531", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31531"}, {"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", "refsource": "CONFIRM", "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"}, {"name": "32097", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32097"}, {"name": "1020974", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020974"}, {"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", "refsource": "CONFIRM", "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"}, {"name": "ADV-2008-2712", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2712"}, {"name": "trendmicro-officescan-cgi-unspecified-bo(45599)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4403", "datePublished": "2008-10-03T15:00:00", "dateReserved": "2008-10-03T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969", "vulnerable": true}, {"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1_patch1:*:*:*:*:*:*", "matchCriteriaId": "8FCFB646-3649-454D-8492-1640D98ED0C9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the \"error handling mechanism.\""}, {"lang": "es", "value": "El m\u00f3dulo CGI en el servidor en Trend Micro OfficeScan v8.0 SP1 versiones anteriores a build 2439 y v8.0 SP1 Patch 1 versiones anteriores a build 3087 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (puntero de referencia NULL y ca\u00edda del proceso hijo) a trav\u00e9s de cabeceras HTTP manipuladas, relacionado con \"mecanismo de manejo de errores\"."}], "id": "CVE-2008-4403", "lastModified": "2017-08-08T01:32:37.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-03T15:07:10.807", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32097"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31531"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020974"}, {"source": "cve@mitre.org", "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"}, {"source": "cve@mitre.org", "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2712"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}