CVE-2008-4133

Published: Sep 19, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.

Affected (2)

Products: D Link: Dir 100

D Link

1 product

Dir 100

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
D Link Dir 100	Version 1.02
D Link Dir 100	Version 1.12

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html

Source: cve@mitre.org

http://secunia.com/advisories/31767

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/4276

Source: cve@mitre.org

http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/496072/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/31050

Source: cve@mitre.org

http://www.securitytracker.com/id?1020825

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/44961

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html