Test Kennung:	1.3.6.1.4.1.25623.1.0.10930
Kategorie:	Denial of Service
Titel:	HTTP Windows 98 MS/DOS device names DOS
Zusammenfassung:	It was possible to freeze or reboot Windows by; reading a MS/DOS device through HTTP, using a file name like CON\CON, AUX.htm or AUX.
Beschreibung:	Summary: It was possible to freeze or reboot Windows by reading a MS/DOS device through HTTP, using a file name like CON\CON, AUX.htm or AUX. Vulnerability Impact: An attacker may use this flaw to make your system crash continuously, preventing you from working properly. Affected Software/OS: Known vulnerable servers: vWebServer v1.2.0 (and others?) AnalogX SimpleServer:WWW 1.08 (CVE-2001-0386) Small HTTP server 2.03 (CVE-2001-0493) acWEB HTTP server? Xitami Web Server (BID:2622, CVE-2001-0391) Jana Web Server (BID:2704, CVE-2001-0558) Cyberstop Web Server (BID:3929, CVE-2002-0200) General Windows MS-DOS Device (BID:1043, CVE-2000-0168) Apache < 2.0.44 (CVE-2003-0016) Domino 5.0.7 and earlier (CVE-2001-0602, BID: 2575) Darwin Streaming Server v4.1.3e (CVE-2003-0421) Darwin Streaming Server v4.1.3f (CVE-2003-0502) Solution: Upgrade the system or use a HTTP server that filters those names out. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2001-0386 BugTraq ID: 2608 http://www.securityfocus.com/bid/2608 Bugtraq: 20010417 Advisory for SimpleServer:WWW (analogX) (Google Search) http://www.securityfocus.com/archive/1/177156 http://www.osvdb.org/3781 XForce ISS Database: analogx-simpleserver-aux-dos(6395) https://exchange.xforce.ibmcloud.com/vulnerabilities/6395 Common Vulnerability Exposure (CVE) ID: CVE-2001-0493 BugTraq ID: 2649 http://www.securityfocus.com/bid/2649 Bugtraq: 20010424 Advisory for Small HTTP Server (Google Search) http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html XForce ISS Database: small-http-aux-dos(6446) https://exchange.xforce.ibmcloud.com/vulnerabilities/6446 Common Vulnerability Exposure (CVE) ID: CVE-2001-0391 Bugtraq: 20010417 Advisory for Xitami 2.4d7, 2.5d4 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2001-04/0277.html Common Vulnerability Exposure (CVE) ID: CVE-2001-0558 BugTraq ID: 2704 http://www.securityfocus.com/bid/2704 Bugtraq: 20010507 Advisory for Jana server (Google Search) http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html http://www.osvdb.org/1817 XForce ISS Database: jana-server-device-dos(6521) https://exchange.xforce.ibmcloud.com/vulnerabilities/6521 Common Vulnerability Exposure (CVE) ID: CVE-2002-0200 BugTraq ID: 3929 http://www.securityfocus.com/bid/3929 Bugtraq: 20020122 CyberStop-Server-DoS-remote-attacks (Google Search) http://marc.info/?l=bugtraq&m=101174569103289&w=2 http://www.iss.net/security_center/static/7959.php Common Vulnerability Exposure (CVE) ID: CVE-2000-0168 BugTraq ID: 1043 http://www.securityfocus.com/bid/1043 Bugtraq: 20000306 con\con is a old thing (anyway is cool) (Google Search) http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com Microsoft Security Bulletin: MS00-017 http://www.securityfocus.com/templates/advisory.html?id=2126 XForce ISS Database: win-dos-devicename-dos Common Vulnerability Exposure (CVE) ID: CVE-2003-0016 BugTraq ID: 6659 http://www.securityfocus.com/bid/6659 CERT/CC vulnerability note: VU#825177 http://www.kb.cert.org/vuls/id/825177 CERT/CC vulnerability note: VU#979793 http://www.kb.cert.org/vuls/id/979793 http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E XForce ISS Database: apache-device-code-execution(11125) https://exchange.xforce.ibmcloud.com/vulnerabilities/11125 XForce ISS Database: apache-device-name-dos(11124) https://exchange.xforce.ibmcloud.com/vulnerabilities/11124 Common Vulnerability Exposure (CVE) ID: CVE-2001-0602 Bugtraq: 20010411 def-2001-20: Lotus Domino Multiple DoS (Google Search) http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html XForce ISS Database: lotus-domino-device-dos(6348) https://exchange.xforce.ibmcloud.com/vulnerabilities/6348 Common Vulnerability Exposure (CVE) ID: CVE-2003-0421 http://www.rapid7.com/advisories/R7-0015.html http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0502
Copyright	Copyright (C) 2001 Michel Arboi

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.