Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 1999-2018 Tenable Network Security, Inc.MDAEMON_WEBCONFIG.NASL
HistoryNov 24, 1999 - 12:00 a.m.

MDaemon WebConfig HTTP Server URL Overflow DoS

1999-11-2400:00:00
This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
www.tenable.com
33

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.003

Percentile

65.5%

JSON

It was possible to crash Webconfig (which is used to configure MDaemon) by sending the request :

GET /aaaaa[…]aaa HTTP/1.0

This could allow a remote attacker to crash the web server, preventing the MDaemon server from being configured remotely.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
 script_id(10138);
 script_version ("1.29");
 script_cve_id("CVE-1999-0844");
 script_bugtraq_id(820);

 script_name(english:"MDaemon WebConfig HTTP Server URL Overflow DoS");
 script_summary(english:"Crashes the remote service");
 
 script_set_attribute(
   attribute:"synopsis",
   value:"The remote web server has a denial of service vulnerability."
 );
 script_set_attribute( attribute:"description",  value:
"It was possible to crash Webconfig (which is used to configure
MDaemon) by sending the request :

  GET /aaaaa[...]aaa HTTP/1.0

This could allow a remote attacker to crash the web server, preventing
the MDaemon server from being configured remotely." );
 script_set_attribute(
   attribute:"see_also",
   value:"https://seclists.org/bugtraq/1999/Nov/340"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Upgrade to the latest version of this software."
 );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "1999/11/24");
 script_set_attribute(attribute:"vuln_publication_date", value: "1999/11/24");
 script_cvs_date("Date: 2018/11/15 20:50:25");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_DENIAL);
 script_family(english:"Web Servers");

 script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");

 script_dependencie("http_version.nasl");
 script_require_ports(2002);
 exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = 2002;
if(! get_port_state(port)) exit(0, "Port "+port+" is closed");

if(http_is_dead(port:port))exit(0, "The web server on port "+port+" is dead");
 
w = http_send_recv3(method:"GET", item: crap(1000), port:port);
if (http_is_dead(port:port)) security_warning(port);

Related

nessus 1
cvelist 1
exploitdb 2
cve 1
nvd 1
nessus
nessus
MDaemon WorldClient HTTP Server URL Overflow DoS
1999-11-24 00:00:00
cvelist
cvelist
CVE-1999-0844
2000-02-04 05:00:00
exploitdb
exploitdb
Alt-N MDaemon 2.8.5 - WebConfig Overflow Denial of Service
1999-11-24 00:00:00
Alt-N WorldClient Pro 2.0.0.0/2.0.1.0/Standard 2.0.0.0 - Long URL Denial of Service
1999-11-26 00:00:00
cve
cve
CVE-1999-0844
2000-02-04 05:00:00
nvd
nvd
CVE-1999-0844
1999-11-24 05:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.003

Percentile

65.5%

JSON
Related for MDAEMON_WEBCONFIG.NASL
nessus1cvelist1exploitdb2cve1nvd1