List: snort-sigs
Subject: [Snort-sigs] Unify eWave ServletExec DoS
From: Keith Pachulski <Keith.Pachulski () corp ! ptd ! net>
Date: 2000-10-31 14:36:06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"Unify eWave ServletExec DoS"; flags:PA; content:"servlet/ServletExec";)

Unify eWave ServletExec DoS

For example, if ServletExec is running on 10.0.0.1 as a plug-in to a
web server on port 80, an attacker can open a connection to port 80
and make the following GET request that causes the servlet engine to
terminate abruptly.

    nc 10.0.0.1 80
    GET /servlet/ServletExec HTTP/1.0

Or simply access the URL http://10.0.0.1/servlet/ServletExec from a
browser to the same effect.

ServletExec generates java.net.BindException and kills the servlet
engine.

Keith Pachulski
Network Security Engineer
PenTeleData Internet Services
Phone: (800) 281-3564 ext. 277
URL: http://www.engr.ptd.net
PGP Key: http://www.protectors.cc/pgpkey.txt
"A Firewall is really much like a sophisticated traffic cop; it
detects and stops unauthorized or suspicious movement in or out of
the network. But security is more than a Firewall; it's a process.
You can't just put in a Firewall and think you're secure."
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOf7Z2+GTq6qVSXTQEQI1ugCgsE9pdhVWqT6bQzDU5okXht4KRr8An3v8
uXyoDmUm6Utu6fxS2ZuG9GKF
=37JR
-----END PGP SIGNATURE-----
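
Added example, not part of the original post: a Python check that applies the indicator from the rule above (a request for /servlet/ServletExec) to web server access logs, for hosts where no sensor saw the traffic. The Common Log Format layout, the sample log lines and the function names are assumptions constructed for illustration; the exact-path comparison, percent-decoding and case folding are choices made here and differ from the rule's raw substring match.

```python
import re
from urllib.parse import unquote

# Path named in the post, lower-cased for comparison after normalization.
TARGET_PATH = "/servlet/servletexec"

# Assumed Common Log Format: host ident user [timestamp] "METHOD URI PROTO" ...
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*"'
)

def normalize_path(uri):
    """Drop query/fragment, percent-decode, collapse slashes, fold case."""
    path = uri.split("?", 1)[0].split("#", 1)[0]
    path = re.sub(r"/{2,}", "/", unquote(path)).lower()
    return path.rstrip("/") or "/"

def is_servletexec_request(uri):
    """True only when the normalized path equals the path from the post."""
    return normalize_path(uri) == TARGET_PATH

def scan(lines):
    """Yield (source, timestamp, uri) for each log line that requests the path."""
    for line in lines:
        m = CLF.match(line)
        if m and is_servletexec_request(m.group("uri")):
            yield m.group("src"), m.group("ts"), m.group("uri")

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Oct/2000:14:30:01 -0500] "GET /servlet/ServletExec HTTP/1.0" 500 0',
    '192.0.2.11 - - [31/Oct/2000:14:30:05 -0500] "GET /index.html HTTP/1.0" 200 1043',
    # Contains the rule's content string but is a different resource.
    '192.0.2.12 - - [31/Oct/2000:14:31:12 -0500] "GET /docs/servlet/ServletExec.html HTTP/1.0" 200 2210',
    '198.51.100.7 - - [31/Oct/2000:14:32:40 -0500] "GET /servlet/ServletExec?x=1 HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for src, ts, uri in scan(SAMPLE_LOG):
        print(f"{ts}  {src}  requested {uri}")
```

The third sample line contains the string the Snort rule searches for and would raise an alert there, while the exact-path comparison here skips it.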