Short Name |
HTTP:LOCALHOST-ON-INTERNET |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Localhost Host Header in Trans-Internet Request |
Release Date |
2010/09/20 |
Update Number |
1776 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against several HTTP-based Web Interfaces for network devices (such as VOIP Phones). An attacker can send a crafted message to the server allowing them to bypass security restrictions and reconfigure or make arbitrary use of the device.
The web interface on snom VoIP phones is prone to an authentication-bypass vulnerability because it fails to properly verify HTTP requests. Successful exploits may allow attackers to bypass security restrictions and reconfigure the phones or make arbitrary use of the phones. snom VoIP phones with firmware prior to 6.5.20, 7.1.39 and 7.3.14 are vulnerable.