ID OPENVAS:17348 Type openvas Reporter This script is Copyright (C) 2005 Westpoint Limited Modified 2017-12-07T00:00:00
Description
The remote host is running a version of Jetty which is older than
4.2.19. The version is vulnerable to an unspecified denial of service.
# OpenVAS Vulnerability Test
# $Id: jetty_4_1_9_dos.nasl 8023 2017-12-07 08:36:26Z teissa $
# Description: Jetty < 4.2.19 Denial of Service
#
# Authors:
# Sarju Bhagat <sarju@westpoint.ltd.uk>
# Fixes by Tenable:
# - added CVE and OSVDB xrefs.
#
# Copyright:
# Copyright (C) 2005 Westpoint Limited
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
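# Report texts, registered further down as the "summary" and "solution" tags.
# The NVD entry for CVE-2004-2381 attributes the denial of service to
# HttpRequest.java handling of a large Content-Length (memory usage and
# application crash) and gives 4.2.19 as the first fixed release, so the
# solution names that release instead of a generic "latest version".
tag_summary = "The remote host is running a version of Jetty which is older than
4.2.19. The version is vulnerable to an unspecified denial of service.";
tag_solution = "Upgrade to Jetty 4.2.19 or later.";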
# Metadata registration. This branch runs only when the scanner loads the
# plugin in description mode; it registers the plugin's attributes and exits
# without touching the target.
if(description)
{
  # Identity and revision bookkeeping.
  script_id(17348);
  script_version("$Revision: 8023 $");
  script_tag(name: "last_modification", value: "$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $");
  script_tag(name: "creation_date", value: "2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");

  # Cross references to the advisories this check covers.
  script_cve_id("CVE-2004-2381");
  script_bugtraq_id(9917);
  script_xref(name: "OSVDB", value: "4387");

  # CVSS v2 base score and vector: network reachable, low complexity, no
  # authentication, availability impact only.
  script_tag(name: "cvss_base", value: "5.0");
  script_tag(name: "cvss_base_vector", value: "AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_name("Jetty < 4.2.19 Denial of Service");

  # ACT_GATHER_INFO together with the remote_banner QoD type: the finding is
  # derived from the advertised banner, not from triggering the flaw.
  script_category(ACT_GATHER_INFO);
  script_tag(name: "qod_type", value: "remote_banner");

  script_copyright("This script is Copyright (C) 2005 Westpoint Limited");
  script_family("Denial of Service");

  # Scheduling prerequisites.
  # NOTE(review): "Jetty/banner" is presumably set by gb_get_http_banner.nasl
  # when a Jetty banner was seen - confirm in that script.
  script_dependencies("gb_get_http_banner.nasl");
  script_mandatory_keys("Jetty/banner");
  script_require_ports("Services/www", 80);

  # Report texts are defined at the top of the file.
  script_tag(name: "solution", value: tag_solution);
  script_tag(name: "summary", value: tag_summary);

  exit(0);
}
#
# The script code starts here
#
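include("http_func.inc");

# Passive, banner-only check: the script reads the HTTP banner of the port and
# compares the advertised Jetty version with 4.2.19. It never sends a request
# that exercises the denial of service, so the result reflects what the server
# claims to be. A suppressed or rewritten Server header hides an affected host,
# and a banner left unchanged after a fix still raises a finding; confirm the
# installed version on the host before closing or escalating a result.
port = get_http_port(default:80);
if(!get_port_state(port)) exit(0);

banner = get_http_banner(port:port);
if(!banner || "Jetty/" >!< banner) exit(0);

# Evaluate only the text from the first "Server" occurrence onwards, so a
# "Jetty/" string earlier in the response is not compared.
serv = strstr(banner, "Server");
if(!serv) exit(0);  # "Jetty/" is present but there is no Server header to compare

# Matches 4.0.x, 4.1.x and 4.2.0 - 4.2.18:
#   [01]\.            any 4.0 / 4.1 release
#   [0-9]([^0-9]|$)   4.2.0 - 4.2.9; the digit must be followed by a non-digit
#                     or by the end of the string, so 4.2.19 and later are not
#                     matched through their first digit, and a version that is
#                     the last thing in the string is still caught
#   1[0-8]            4.2.10 - 4.2.18
# NOTE(review): version strings without a dot after the minor number (NVD lists
# pre-releases such as 4.0_rc1 as affected) do not match - confirm whether such
# banners exist in practice.
if(ereg(pattern:"Jetty/4\.([01]\.|2\.([0-9]([^0-9]|$)|1[0-8]))", string:serv))
{
  security_message(port);
  exit(0);
}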
{"id": "OPENVAS:17348", "type": "openvas", "bulletinFamily": "scanner", "title": "Jetty < 4.2.19 Denial of Service", "description": "The remote host is running a version of Jetty which is older than\n4.2.19. The version is vulnerable to a unspecified denial of service.", "published": "2005-11-03T00:00:00", "modified": "2017-12-07T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=17348", "reporter": "This script is Copyright (C) 2005 Westpoint Limited", "references": ["4387"], "cvelist": ["CVE-2004-2381"], "lastseen": "2017-12-08T11:44:07", "viewCount": 5, "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2017-12-08T11:44:07", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-4387", "CVE-2005-4387", "CVE-2013-4387", "CVE-2019-4387", "CVE-2014-4387", "CVE-2006-4387", "CVE-2012-4387", "CVE-2007-4387", "CVE-2017-4387", "CVE-2009-4387", "CVE-2004-2381", "CVE-2016-4387", "CVE-2015-4387", "CVE-2008-4387", "CVE-2018-4387", "CVE-2010-4387"]}, {"type": "osvdb", "idList": ["OSVDB:4387"]}, {"type": "nessus", "idList": ["JETTY_4_1_9_DOS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231017348"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:4387", "SECURITYVULNS:VULN:4387"]}, {"type": "xssed", "idList": ["XSSED:4387"]}, {"type": "zdt", "idList": ["1337DAY-ID-4387"]}, {"type": "seebug", "idList": ["SSV:4387"]}, {"type": "exploitdb", "idList": ["EDB-ID:4387"]}, {"type": "msupdate", "idList": ["MS:1C26E4BC-966D-4387-B9A5-414AB23301E5", "MS:C22D92E4-B375-4387-8F0F-DE58443D846C", "MS:4565C62D-4387-430A-BFBE-2075FC3FD1CA"]}], "modified": "2017-12-08T11:44:07", "rev": 2}, "vulnersScore": 6.3}, "pluginID": "17348", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: jetty_4_1_9_dos.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: Jetty < 4.2.19 Denial of Service\n#\n# Authors:\n# Sarju Bhagat 
<sarju@westpoint.ltd.uk>\n# Fixes by Tenable:\n# - added CVE and OSVDB xrefs.\n#\n# Copyright:\n# Copyright (C) 2005 Westpoint Limited\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host is running a version of Jetty which is older than\n4.2.19. The version is vulnerable to a unspecified denial of service.\";\n\ntag_solution = \"Upgrade to the latest version, or apply a patch.\";\n\nif(description)\n{\n script_id(17348);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2004-2381\");\n script_bugtraq_id(9917);\n script_xref(name:\"OSVDB\", value:\"4387\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n name = \"Jetty < 4.2.19 Denial of Service\";\n\n script_name(name);\n\n\n\n\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n\n script_copyright(\"This script is Copyright (C) 2005 Westpoint Limited\");\n family = \"Denial of Service\";\n script_family(family);\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_mandatory_keys(\"Jetty/banner\");\n script_require_ports(\"Services/www\", 80);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"http_func.inc\");\n\nport = get_http_port(default:80);\n\nif(get_port_state(port))\n{\n banner = get_http_banner(port:port);\n if(!banner || \"Jetty/\" >!< banner )exit(0);\n\n serv = strstr(banner, \"Server\");\n if(ereg(pattern:\"Jetty/4\\.([01]\\.|2\\.([0-9][^0-9]|1[0-8]))\", string:serv))\n {\n security_message(port);\n exit(0);\n }\n}\n", "naslFamily": "Denial of Service"}
{"cve": [{"lastseen": "2020-10-03T11:33:41", "description": "HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.", "edition": 3, "cvss3": {}, "published": "2004-12-31T05:00:00", "title": "CVE-2004-2381", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-2381"], "modified": "2017-07-11T01:31:00", "cpe": ["cpe:/a:jetty:jetty_http_server:4.1.0_rc1", "cpe:/a:jetty:jetty_http_server:4.0.d1", "cpe:/a:jetty:jetty_http_server:4.2.7", "cpe:/a:jetty:jetty_http_server:4.1.0_rc0", "cpe:/a:jetty:jetty_http_server:4.2.9_rc2", "cpe:/a:jetty:jetty_http_server:4.0.b1", "cpe:/a:jetty:jetty_http_server:4.0_rc1", "cpe:/a:jetty:jetty_http_server:4.2.14", "cpe:/a:jetty:jetty_http_server:4.0.1_rc1", "cpe:/a:jetty:jetty_http_server:4.2.10_pre0", "cpe:/a:jetty:jetty_http_server:4.0.2", "cpe:/a:jetty:jetty_http_server:4.2.6", "cpe:/a:jetty:jetty_http_server:4.0.4", "cpe:/a:jetty:jetty_http_server:4.2.10_pre1", "cpe:/a:jetty:jetty_http_server:4.1.3", "cpe:/a:jetty:jetty_http_server:4.2.14_rc0", "cpe:/a:jetty:jetty_http_server:4.2.9_rc1", "cpe:/a:jetty:jetty_http_server:4.1.2", "cpe:/a:jetty:jetty_http_server:4.0.1_rc2", "cpe:/a:jetty:jetty_http_server:4.1.4", "cpe:/a:jetty:jetty_http_server:4.0.5", "cpe:/a:jetty:jetty_http_server:4.1.d0", "cpe:/a:jetty:jetty_http_server:4.1.0_rc6", "cpe:/a:jetty:jetty_http_server:4.2.2", 
"cpe:/a:jetty:jetty_http_server:4.0.d2", "cpe:/a:jetty:jetty_http_server:4.2.18", "cpe:/a:jetty:jetty_http_server:4.0.6", "cpe:/a:jetty:jetty_http_server:4.1.0_rc2", "cpe:/a:jetty:jetty_http_server:4.1.0_rc4", "cpe:/a:jetty:jetty_http_server:4.2.0", "cpe:/a:jetty:jetty_http_server:4.0.b0", "cpe:/a:jetty:jetty_http_server:4.2.0_rc0", "cpe:/a:jetty:jetty_http_server:4.0.d4", "cpe:/a:jetty:jetty_http_server:4.2.15", "cpe:/a:jetty:jetty_http_server:4.2.11", "cpe:/a:jetty:jetty_http_server:4.2.4", "cpe:/a:jetty:jetty_http_server:4.2.5", "cpe:/a:jetty:jetty_http_server:4.0.0", "cpe:/a:jetty:jetty_http_server:4.1.b1", "cpe:/a:jetty:jetty_http_server:4.2.0_beta0", "cpe:/a:jetty:jetty_http_server:4.2.1", "cpe:/a:jetty:jetty_http_server:4.2.4_rc0", "cpe:/a:jetty:jetty_http_server:4.2.16", "cpe:/a:jetty:jetty_http_server:4.0.1_rc0", "cpe:/a:jetty:jetty_http_server:4.0.d3", "cpe:/a:jetty:jetty_http_server:4.0.3", "cpe:/a:jetty:jetty_http_server:4.1.0_rc5", "cpe:/a:jetty:jetty_http_server:4.0.b2", "cpe:/a:jetty:jetty_http_server:4.1.d1", "cpe:/a:jetty:jetty_http_server:4.2.12", "cpe:/a:jetty:jetty_http_server:4.0_rc2", "cpe:/a:jetty:jetty_http_server:4.1.d2", "cpe:/a:jetty:jetty_http_server:4.2.9", "cpe:/a:jetty:jetty_http_server:4.1.0_rc3", "cpe:/a:jetty:jetty_http_server:4.2.8_01", "cpe:/a:jetty:jetty_http_server:4.1.0", "cpe:/a:jetty:jetty_http_server:4.0.1", "cpe:/a:jetty:jetty_http_server:4.2.17", "cpe:/a:jetty:jetty_http_server:4.2.10", "cpe:/a:jetty:jetty_http_server:4.2.0_rc1", "cpe:/a:jetty:jetty_http_server:4.1.b0", "cpe:/a:jetty:jetty_http_server:4.2.3", "cpe:/a:jetty:jetty_http_server:4.0_rc3", "cpe:/a:jetty:jetty_http_server:4.2.15_rc0", "cpe:/a:jetty:jetty_http_server:4.0.d0", "cpe:/a:jetty:jetty_http_server:4.1.1", "cpe:/a:jetty:jetty_http_server:4.2.14_rc1"], "id": "CVE-2004-2381", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2381", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": 
["cpe:2.3:a:jetty:jetty_http_server:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.b1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.9_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.b2:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.d1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.d0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.d0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.14_rc0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.d1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.b1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.9_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.14_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc5:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.0_rc0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.10_pre0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.10_pre1:*:*:*:*:*:*:*", 
"cpe:2.3:a:jetty:jetty_http_server:4.0.d4:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.b0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc6:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.d2:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.d3:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.4_rc0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.15_rc0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.d2:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.b0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.0_beta0:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.2.8_01:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:jetty:jetty_http_server:4.0.0:*:*:*:*:*:*:*"]}], 
"osvdb": [{"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "cvelist": ["CVE-2004-2381"], "edition": 1, "description": "## Vulnerability Description\nJetty contains a flaw that may allow a malicious user to create a denial of service. The cause of this issue is currently unknown. It is possible that the flaw may result in a loss of availability.\n## Solution Description\nUpgrade to version 4.2.19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nJetty contains a flaw that may allow a malicious user to create a denial of service. The cause of this issue is currently unknown. It is possible that the flaw may result in a loss of availability.\n## References:\n[Secunia Advisory ID:11166](https://secuniaresearch.flexerasoftware.com/advisories/11166/)\nKeyword: Jetty\nKeyword: Unspecified\nKeyword: DoS\nISS X-Force ID: 15537\n[CVE-2004-2381](https://vulners.com/cve/CVE-2004-2381)\nBugtraq ID: 9917\n", "modified": "2004-03-19T07:03:33", "published": "2004-03-19T07:03:33", "href": "https://vulners.com/osvdb/OSVDB:4387", "id": "OSVDB:4387", "type": "osvdb", "title": "Jetty Unspecified DoS ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-02-04T16:37:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-2381"], "description": "The remote host is running a version of Jetty which is older than\n 4.2.19. 
The version is vulnerable to a unspecified denial of service.", "modified": "2020-02-03T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231017348", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231017348", "type": "openvas", "title": "Jetty < 4.2.19 Denial of Service", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Jetty < 4.2.19 Denial of Service\n#\n# Authors:\n# Sarju Bhagat <sarju@westpoint.ltd.uk>\n# Fixes by Tenable:\n# - added CVE and OSVDB xrefs.\n#\n# Copyright:\n# Copyright (C) 2005 Westpoint Limited\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.17348\");\n script_version(\"2020-02-03T13:52:45+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-03 13:52:45 +0000 (Mon, 03 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2004-2381\");\n script_bugtraq_id(9917);\n script_xref(name:\"OSVDB\", value:\"4387\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Jetty < 4.2.19 Denial of Service\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2005 Westpoint Limited\");\n script_family(\"Denial of Service\");\n 
script_dependencies(\"gb_jetty_detect.nasl\");\n script_mandatory_keys(\"jetty/detected\");\n\n script_tag(name:\"solution\", value:\"Update to the latest version, or apply a patch.\");\n\n script_tag(name:\"summary\", value:\"The remote host is running a version of Jetty which is older than\n 4.2.19. The version is vulnerable to a unspecified denial of service.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:eclipse:jetty\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"4.2.19\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.2.19\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-06-16T02:35:50", "description": "According to its banner, the remote host is running a version of Jetty\nthat is older than 4.2.19. 
The version is vulnerable to a unspecified\ndenial of service.", "edition": 18, "published": "2005-03-17T00:00:00", "title": "Jetty < 4.2.19 HTTP Server HttpRequest.java Content-Length Handling Remote Overflow DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-2381"], "modified": "2005-03-17T00:00:00", "cpe": ["cpe:/a:mortbay:jetty"], "id": "JETTY_4_1_9_DOS.NASL", "href": "https://www.tenable.com/plugins/nessus/17348", "sourceData": "#\n# Sarju Bhagat <sarju@westpoint.ltd.uk>\n#\n# GPLv2\n#\n\n# Changes by Tenable:\n# - added CVE xrefs.\n# - revised plugin title, changed family (6/17/09)\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17348);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\n\n script_cve_id(\"CVE-2004-2381\");\n script_bugtraq_id(9917);\n\n script_name(english:\"Jetty < 4.2.19 HTTP Server HttpRequest.java Content-Length Handling Remote Overflow DoS\");\n script_summary(english:\"Checks for the version of Jetty\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is prone to a denial of service attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of Jetty\nthat is older than 4.2.19. 
The version is vulnerable to a unspecified\ndenial of service.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://sourceforge.net/project/shownotes.php?release_id=224743\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 4.2.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mortbay:jetty\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2020 Westpoint Limited\");\n script_family(english:\"Web Servers\");\n\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"http_func.inc\");\n\nport = get_http_port(default:80, embedded:TRUE);\n\nif(get_port_state(port))\n{\n banner = get_http_banner(port:port);\n if(!banner || \"Jetty/\" >!< banner )exit(0);\n\n serv = strstr(banner, \"Server\");\n if(ereg(pattern:\"Jetty/4\\.([01]\\.|2\\.([0-9][^0-9]|1[0-8]))\", string:serv))\n {\n security_warning(port);\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}