DiGi WWW Server 1 - Remote Denial of Service Vulnerability
2004-04-27T00:00:00
ID EDB-ID:24066 Type exploitdb Reporter Donato Ferrante Modified 2004-04-27T00:00:00
Description
DiGi WWW Server 1 Remote Denial Of Service Vulnerability. CVE-2004-1973. Dos exploits for multiple platform
source: http://www.securityfocus.com/bid/10228/info
The DiGi WWW Server has been reported to contain a remote denial of service vulnerability. It has been reported that when the server receives a malformed HTTP GET request, the web server process will consume large amounts of CPU resources.
Since this is a web server application, this leads to a remotely exploitable denial of service vulnerability.
GET ///[660Kb of /]/// HTTP/1.1
to a vulnerable server would demonstrate the effect.
{"id": "EDB-ID:24066", "type": "exploitdb", "bulletinFamily": "exploit", "title": "DiGi WWW Server 1 - Remote Denial of Service Vulnerability", "description": "DiGi WWW Server 1 Remote Denial Of Service Vulnerability. CVE-2004-1973. Dos exploits for multiple platform", "published": "2004-04-27T00:00:00", "modified": "2004-04-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/24066/", "reporter": "Donato Ferrante", "references": [], "cvelist": ["CVE-2004-1973"], "lastseen": "2016-02-02T22:26:43", "viewCount": 3, "enchantments": {"score": {"value": 5.5, "vector": "NONE", "modified": "2016-02-02T22:26:43", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-1973"]}], "modified": "2016-02-02T22:26:43", "rev": 2}, "vulnersScore": 5.5}, "sourceHref": "https://www.exploit-db.com/download/24066/", "sourceData": "source: http://www.securityfocus.com/bid/10228/info\r\n\r\nThe DiGi WWW Server has been reported to contain a remote denial of service vulnerability. It has been reported that when the server receives a malformed HTTP GET request, the web server process will consume large amounts of CPU resources.\r\n\r\nSince this is a web server application, this leads to a remotely exploitable denial of service vulnerability.\r\n\r\nGET ///[660Kb of /]/// HTTP/1.1\r\n\r\nto a vulnerable server would demonstrate the effect.", "osvdbidlist": ["5702"]}
{"cve": [{"lastseen": "2020-10-03T11:33:41", "description": "DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \\ (backslash) characters.", "edition": 3, "cvss3": {}, "published": "2004-04-27T04:00:00", "title": "CVE-2004-1973", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-1973"], "modified": "2017-07-11T01:31:00", "cpe": ["cpe:/a:digi:www_server:compieuw"], "id": "CVE-2004-1973", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1973", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digi:www_server:compieuw:beta2:*:*:*:*:*:*", "cpe:2.3:a:digi:www_server:compieuw:*:*:*:*:*:*:*", "cpe:2.3:a:digi:www_server:compieuw:beta1:*:*:*:*:*:*"]}]}
