[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] The Misfortune Cookie Vulnerability
- To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] The Misfortune Cookie Vulnerability
- From: Shahar Tal <shahartal@xxxxxxxxxxxxxx>
- Date: Thu, 18 Dec 2014 14:00:13 +0000
Hey there,
Recently our group has uncovered a serious vuln in RomPager - the most popular
web server in the world, found in millions of embedded devices (mostly
residential gateways / SOHO routers), which unfortunately allows gaining admin
access to the router from the WAN (port 80 access not required! 7547 works like
a charm).
This is not the "rom-0" vulnerability revealed earlier this year. In fact, it's
about an order of magnitude worse - IPv4 scans show at least 12 million readily
exploitable endpoints. Shodan it yourself later.
We call it "Misfortune Cookie" over the affected vulnerable HTTP cookie parsing
module, but MITRE insists on CVE-2014-9222 (CVSS score, for those of you
keeping count, is 9.7).
See http://mis.fortunecook.ie for the rest.
Cheers,
Shahar Tal
Malware & Vulnerability Research
AAAAAAAAAAAAAAAA\0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Check Point Software Technologies | * +972-3-753-4536 | M +972-545-888887 | *
shahartal@xxxxxxxxxxxxxx<mailto:shahartal@xxxxxxxxxxxxxx>
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/