
Test ID: 1.3.6.1.4.1.25623.1.0.11129
Category: Gain a shell remotely
Title: HTTP 1.1 Header Overflow DoS Vulnerability
Summary: It was possible to kill the web server by sending an invalid request with a too long HTTP 1.1 header (Accept-Encoding, Accept-Language, Accept-Range, Connection, Expect, If-Match, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, TE, Host)
Description:
Summary:
It was possible to kill the web server by sending an invalid
request with a too long HTTP 1.1 header (Accept-Encoding, Accept-Language, Accept-Range,
Connection, Expect, If-Match, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, TE,
Host)

Vulnerability Impact:
An attacker may exploit this vulnerability to make the web server
crash continually or even execute arbitrary code on your system.

Affected Software/OS:
Lotus Domino Web Server prior to 6.0.1 and pServ are known to
be affected. Other versions or products might be affected as well.

Solution:
Update your software or protect it with a filtering reverse
proxy.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2003-0180
BugTraq ID: 6951
http://www.securityfocus.com/bid/6951
http://www.cert.org/advisories/CA-2003-11.html
CERT/CC vulnerability note: VU#355169
http://www.kb.cert.org/vuls/id/355169
Computer Incident Advisory Center Bulletin: N-065
http://www.ciac.org/ciac/bulletins/n-065.shtml
http://www.nextgenss.com/advisories/lotus-60dos.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html
XForce ISS Database: lotus-incomplete-post-dos(11360)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11360
Common Vulnerability Exposure (CVE) ID: CVE-2003-0181
XForce ISS Database: lotus-invalid-field-dos(11361)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11361
Copyright: Copyright (C) 2002 Michel Arboi





© 1998-2025 E-Soft Inc. All rights reserved.