Published:2013/03/18  Last Updated:2013/03/18

JVN#41022517
VxWorks Web Server vulnerable to denial-of-service (DoS)

Overview

The VxWorks Web Server contains a denial-of-service vulnerability.

Products Affected

  • VxWorks versions 5.5 through 6.9

Description

The VxWorks Web Server contains a denial-of-service (DoS) vulnerability.

Impact

When a user accesses the VxWorks Web Server using a specially crafted URL, the server may crash.

Solution

Apply a patch
Apply the appropriate patch according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
Wind River Systems Vulnerable 2013/03/18

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2013.03.18

Measures Conditions Severity
Access Required can be attacked over the Internet using packets
  • High
Authentication anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file
  • Mid
Exploit Complexity little to no expertise and/or luck required to exploit (cross-side scripting).Expected to be the common response
  • High

Description of each analysis measures

Credit

Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2013-0716
JVN iPedia JVNDB-2013-000023