Vulnerability Name:

CVE-2003-0291 (CCN-11999)

Assigned:2003-05-13
Published:2003-05-13
Updated:2017-07-11
Summary:3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Tue May 13 2003 - 19:49:20 CDT
Memory leak in 3COM 812 DSL routers

Source: CCN
Type: BugTraq Mailing List, Wed May 14 2003 - 18:27:10 CDT
RE : Memory leak in 3COM DSL routers

Source: MITRE
Type: CNA
CVE-2003-0291

Source: BUGTRAQ
Type: UNKNOWN
20030514 Memory leak in 3COM 812 DSL routers

Source: BUGTRAQ
Type: UNKNOWN
20030515 RE : Memory leak in 3COM DSL routers

Source: MISC
Type: Patch, Vendor Advisory
http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm

Source: CCN
Type: 3Com Support Web site
3Com Support for Products

Source: CCN
Type: OSVDB ID: 6054
3Com OfficeConnect ADSL Router DHCP Information Disclosure

Source: BID
Type: UNKNOWN
7592

Source: CCN
Type: BID-7592
3Com OfficeConnect ADSL Router DHCP Response Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
3com-officeconnect-memory-leak(11999)

Source: XF
Type: UNKNOWN
3com-officeconnect-memory-leak(11999)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:3com:3cp4144:1.1.7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:3com:3cp4144:1.1.7:*:*:*:*:*:*:*
  • OR cpe:/h:3com:3cp4144:1.1.9:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    3com 3cp4144 1.1.7
    3com 3cp4144 1.1.7
    3com 3cp4144 1.1.9