
Test ID: 1.3.6.1.4.1.25623.1.0.11129
Category: Gain a shell remotely
Title: HTTP 1.1 Header Overflow DoS Vulnerability
Summary: It was possible to kill the web server by sending an invalid request with an overly long HTTP 1.1 header (Accept-Encoding, Accept-Language, Accept-Range, Connection, Expect, If-Match, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, TE, Host)
Description:
Summary:
It was possible to kill the web server by sending an invalid
request with an overly long HTTP 1.1 header (Accept-Encoding, Accept-Language, Accept-Range,
Connection, Expect, If-Match, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, TE,
Host)

Vulnerability Impact:
An attacker may exploit this vulnerability to make the web server
crash continually or even execute arbitrary code on your system.

Affected Software/OS:
Lotus Domino Web Server prior to 6.0.1 and pServ are known to
be affected. Other versions or products might be affected as well.

Solution:
Update your software or protect it with a filtering reverse
proxy.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0180
BugTraq ID: 6951
http://www.securityfocus.com/bid/6951
http://www.cert.org/advisories/CA-2003-11.html
CERT/CC vulnerability note: VU#355169
http://www.kb.cert.org/vuls/id/355169
Computer Incident Advisory Center Bulletin: N-065
http://www.ciac.org/ciac/bulletins/n-065.shtml
http://www.nextgenss.com/advisories/lotus-60dos.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html
XForce ISS Database: lotus-incomplete-post-dos(11360)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11360
Common Vulnerability Exposure (CVE) ID: CVE-2003-0181
XForce ISS Database: lotus-invalid-field-dos(11361)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11361
Copyright: Copyright (C) 2002 Michel Arboi
