JVN#23809730
GIGAPOD vulnerable to denial-of-service (DoS)
Overview
GIGAPOD provided by TripodWorks CO.,LTD. contains a denial-of-service (DoS) vulnerability.
Products Affected
- GIGAPOD OFFICEHARD Appliance model versions 3.04.03 and earlier
- GIGAPOD 2010 / GIGAPOD 3 Appliance model versions 3.01.02 and earlier
- GIGAPOD 2010 / GIGAPOD 3 Software model versions 3.01.02 and earlier
Description
GIGAPOD file servers (Appliance model and Software model) from TripodWorks CO.,LTD. provide two web interfaces. First, a user web interface via ports 80/443, and a second, an administrative web interface via port 8001. The administrative web interface uses a version of the Apache HTTP server which contains a flaw in handling HTTP requests (CVE-2011-3192). As a result, GIGAPOD contains a denial-of-service (DoS) vulnerability.
Impact
A remote attacker may be able to cause a denial-of-service (DoS).
Solution
Update the software
Apply the appropriate update according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| TripodWorks CO.,LTD. | Vulnerable | 2014/10/16 | TripodWorks CO.,LTD. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2014.10.16 (CVSS Base Metrics)
| Measures | Severity | Description | ||
|---|---|---|---|---|
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) | A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". |
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) | Specialized access conditions or extenuating circumstances do not exist. |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) | Authentication is not required to exploit the vulnerability. |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) | There is no impact to the confidentiality of the system. |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) | There is no impact to the integrity of the system. |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) | There is a total shutdown of the affected resource. |
Base Score:7.8
Credit
Teruo Yamada of IOS Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2014-5329 |
| JVN iPedia |
JVNDB-2014-000123 |