| VID | 22233 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
According to its banner, the Allegro RomPager embedded webserver has a denial-of-service vulnerability. Allegro's RomPager is an embedded webserver product, most often used to provide web administration capabilities for networked printers, network switches, and other devices. If a specially malformed request is sent to it, it will crash, often crashing the parent device as well. In this manner, network hardware and possibly entire networks can be rendered unusable by any remote attacker using only a browser.
In some cases, such as products made by Extreme Networks, the devices will identify themselves as 2.10 but will not exhibit the problem, since some vendors chose to integrate only certain portions of the 2.20 update such as the bug fix.
* Note: This check relies solely on the banner of the remote web server to assess this vulnerability, so this finding may be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html, http://www.allegrosoft.com/rpproduct.html
* Platforms Affected: RomPager version 2.10 and earlier |
| Recommendation |
RomPager 2.20 was released in December 1998 and is not susceptible to this problem. Users of affected equipment should contact the vendor of that equipment for fix information. Contact information for Allegro is available at http://www.allegrosoft.com
As a workaround, use firewalls to limit access to the webserver ports on affected devices wherever possible. |
| Related URL | CVE-2000-0470 (CVE) |
| Related URL | 1290 (SecurityFocus) |
| Related URL | 4588 (ISS) |