Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.SWS_DOS.NASL
HistoryNov 27, 2002 - 12:00 a.m.

SWS Web Server Unfinished Line Remote DoS

2002-11-2700:00:00
This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
www.tenable.com
174
JSON

The SWS web server running on this port crashes when it receives a request that doesn’t end in a newline.

An unauthenticated, remote attacker can exploit this vulnerability to disable the service.

#
# (C) Tenable Network Security, Inc.
#

# Modifications by rd:
#	- Removed the numerous (and slow) calls to send() and recv()
#	  because the original exploit states that sending just one
#	  request will crash the server
#
########################
# References:
########################
#
# Message-Id: <[email protected]>
# Date: Mon, 2 Sep 2002 11:02:31 -0700
# To: [email protected]
# From: [email protected]
# Subject: [VulnWatch] SWS Web Server v0.1.0 Exploit
#
########################
#
# Vulnerable:
# SWS Web Server v0.1.0
#

include("compat.inc");

if(description)
{
 script_id(11171);
 script_version("1.24");

 script_cve_id("CVE-2002-2370");
 script_bugtraq_id(5664);
 
 script_name(english:"SWS Web Server Unfinished Line Remote DoS");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server is prone to a denial of service attack." );
 script_set_attribute(attribute:"description", value:
"The SWS web server running on this port crashes when it receives a
request that doesn't end in a newline. 

An unauthenticated, remote attacker can exploit this vulnerability to
disable the service." );
 # https://web.archive.org/web/20111004151520/http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0100.html
 script_set_attribute(
  attribute:"see_also", 
  value:"http://www.nessus.org/u?38653668"
 );
 script_set_attribute(attribute:"solution", value: "Unknown at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(
  attribute:"vuln_publication_date", 
  value:"2002/09/02"
 );
 script_set_attribute(
  attribute:"plugin_publication_date", 
  value:"2002/11/27"
 );
 script_cvs_date("Date: 2018/06/27 18:42:26");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 script_summary(english:"SWS web server crashes when unfinished line is sent");
 script_category(ACT_DENIAL);

 script_copyright(english:"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.");
 script_family(english:"Web Servers");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www",80);
 exit(0);
}

#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

if(http_is_dead(port:port))exit(0);

r = http_send_recv_buf(port: port, data:"|Nessus|");
if(http_is_dead(port:port, retry:3)) security_warning(port);

Related

openvas 2
cve 1
cvelist 1
openvas
openvas
HTTP unfinished line denial
2005-11-03 00:00:00
HTTP Unfinished Line DoS Vulnerability
2005-11-03 00:00:00
cve
cve
CVE-2002-2370
2002-12-31 05:00:00
cvelist
cvelist
CVE-2002-2370
2022-10-03 16:23:49
JSON
Related for SWS_DOS.NASL
openvas2cve1cvelist1