CVE-2002-0106
CVSS5.0
发布时间 :2002-03-25 00:00:00
修订时间 :2016-10-17 22:16:13
NMCOES    

[原文]BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.


[CNNVD]Bea Weblogic Server DOS设备拒绝服务漏洞(CNNVD-200203-068)

        
        BEA Systems WebLogic Server 是一个企业级的web服务器和无线应用服务器,它可以在Microsoft Windows系统以及多种Unix和Linux系统下运行。
        如果WebLogin Server在Windows NT或者2000下运行,远程攻击者可以通过发送多个包含MS-DOS设备名的.jsp URL请求(例如 aux.jsp)来使其崩溃。当Weblogic Server接收到一个.jsp请求时,它会调用一个外部编译器来处理所请求的.jsp资源。如果这个.jsp资源是一个MS-DOS设备,例如 AUX, 外部编译器处理时的那个工作线程就不会终止。而Weblogic Server通常可以处理10-11个工作线程,所以当工作线程超过上述限制时,服务器就无法响应任何其他请求了。
        服务器必须重新启动才能恢复WebLogic Server的正常工作。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:bea:weblogic_server:6.1:sp1BEA Systems WebLogic Server 6.1 SP1
cpe:/a:bea:weblogic_server:6.1BEA Systems WebLogic Server 6.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0106
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0106
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-068
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=101050440629269&w=2
(UNKNOWN)  BUGTRAQ  20020108 KPMG-2002003: Bea Weblogic DOS-device Denial of Service
http://www.iss.net/security_center/static/7808.php
(VENDOR_ADVISORY)  XF  weblogic-dos-jsp-dos(7808)
http://www.securityfocus.com/bid/3816
(VENDOR_ADVISORY)  BID  3816

- 漏洞信息

Bea Weblogic Server DOS设备拒绝服务漏洞
中危 其他
2002-03-25 00:00:00 2005-10-20 00:00:00
远程  
        
        BEA Systems WebLogic Server 是一个企业级的web服务器和无线应用服务器,它可以在Microsoft Windows系统以及多种Unix和Linux系统下运行。
        如果WebLogin Server在Windows NT或者2000下运行,远程攻击者可以通过发送多个包含MS-DOS设备名的.jsp URL请求(例如 aux.jsp)来使其崩溃。当Weblogic Server接收到一个.jsp请求时,它会调用一个外部编译器来处理所请求的.jsp资源。如果这个.jsp资源是一个MS-DOS设备,例如 AUX, 外部编译器处理时的那个工作线程就不会终止。而Weblogic Server通常可以处理10-11个工作线程,所以当工作线程超过上述限制时,服务器就无法响应任何其他请求了。
        服务器必须重新启动才能恢复WebLogic Server的正常工作。
        

- 公告与补丁

        临时解决方法:
        此问题没有有效的临时解决方法,您应当尽快升级到SP2。
        厂商补丁:
        BEA Systems
        -----------
        BEA WebLogic Server 6.1 SP2已经修复了这个安全问题,请到厂商的主页下载:
        
        http://commerce.beasys.com/downloads/weblogic_server.jsp

- 漏洞信息 (21432)

BEA Systems WebLogic Server and Express 7.0 Null Character DOS (EDBID:21432)
windows dos
2002-04-30 Verified
0 Peter Gründl
N/A [点击下载]
source: http://www.securityfocus.com/bid/4646/info

BEA Systems WebLogic Server is an enterprise level web and wireless application server for Microsoft Windows and most Unix and Linux distributions.

BEA WebLogic Express provides a platform for serving dynamic data to web and wireless applications.

It is possible to create a denial of service condition by appending a null character to a request for a MS-DOS device name (such as AUX). Multiple malformed requests will cause the server to hang.

BugTraq ID 3816 "BEA Systems WebLogic Server DOS Device Denial of Service Vulnerability" describes a similar condition, which was fixed in WebLogic Server 6.1 SP2. However, the null character variation of this attack affects systems running WebLogic Server 6.1 SP2.

The server must be restarted to regain normal functionality. 

This issue may be exploited with a web browser. For example:

http://target//aux%00

		

- 漏洞信息

10341
BEA WebLogic Server DOS Device Request DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

- 时间线

2002-01-08 Unknow
2002-01-08 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

BEA Systems WebLogic Server DOS Device Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 3816
Yes No
2002-01-08 12:00:00 2009-07-11 09:56:00
Discovered and posted to Bugtraq by Peter Grundl <pgrundl@kpmg.dk>.

- 受影响的程序版本

BEA Systems Weblogic Server 6.1 SP 1
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems Weblogic Server 6.1
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems Weblogic Server 6.1 SP 2
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc

- 不受影响的程序版本

BEA Systems Weblogic Server 6.1 SP 2
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc

- 漏洞讨论

BEA Systems WebLogic Server is an enterprise level web and wireless application server for Microsoft Windows and most Unix and Linux vendors.

It is possible to remotely crash a system running Bea Systems WebLogic Server by submitting numerous URL requests for a MS-DOS devicename appended with a .jsp extension, such as

www.example.com/aux.jsp

A hard reboot of the exploited server will be required to restore web services.

- 漏洞利用

No exploit code required.

- 解决方案

BEA Systems has addressed this issue with Service Pack 2:

http://commerce.beasys.com

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站