Search...

MiniShare HTTP Request DoS

2004-05-26T03:51:06

ID OSVDB:6432
Type osvdb
Reporter Donato Ferrante(fdonato@autistici.org)
Modified 2004-05-26T03:51:06

Description

Vulnerability Description

MiniShare contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP request is sent, and will result in loss of availability for the service.

Solution Description

Upgrade to version 1.3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

MiniShare contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP request is sent, and will result in loss of availability for the service.

Manual Testing Notes

To test the vulnerability send to the webserver a request like:

GET:

1. GET /something HTTP/1.1

2. GET /something HTTP/1.1\n

HEAD:

1. HEAD /something HTTP/1.1

2. HEAD /something HTTP/1.1\n

and the webserver will crash.

References:

Vendor URL: http://minishare.sourceforge.net/

Vendor Specific Advisory URL Secunia Advisory ID:11715 Other Advisory URL: http://www.autistici.org/fdonato/advisory/MiniShare1.3.2-adv.txt Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=108563992129877&w=2

JSON Vulners Source

Initial Source

{"type": "osvdb", "published": "2004-05-26T03:51:06", "href": "https://vulners.com/osvdb/OSVDB:6432", "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 1, "edition": 1, "reporter": "Donato Ferrante(fdonato@autistici.org)", "title": "MiniShare HTTP Request DoS ", "affectedSoftware": [{"operator": "eq", "version": "1.3.2", "name": "MiniShare"}], "enchantments": {"score": {"value": -0.8, "vector": "NONE", "modified": "2017-04-28T13:20:01", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:01", "rev": 2}, "vulnersScore": -0.8}, "references": [], "id": "OSVDB:6432", "lastseen": "2017-04-28T13:20:01", "cvelist": [], "modified": "2004-05-26T03:51:06", "description": "## Vulnerability Description\nMiniShare contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP request is sent, and will result in loss of availability for the service.\n## Solution Description\nUpgrade to version 1.3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMiniShare contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP request is sent, and will result in loss of availability for the service.\n## Manual Testing Notes\nTo test the vulnerability send to the webserver a request like:\n\nGET: \n\n1. GET /something HTTP/1.1\n-\n2. GET /something HTTP/1.1\\n\n-\n\nHEAD:\n\n1. HEAD /something HTTP/1.1\n-\n2. HEAD /something HTTP/1.1\\n\n-\n\nand the webserver will crash.\n## References:\nVendor URL: http://minishare.sourceforge.net/\n\n[Vendor Specific Advisory URL](http://sourceforge.net/project/shownotes.php?release_id=241158)\n[Secunia Advisory ID:11715](https://secuniaresearch.flexerasoftware.com/advisories/11715/)\nOther Advisory URL: http://www.autistici.org/fdonato/advisory/MiniShare1.3.2-adv.txt\nMail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=108563992129877&w=2\n"}