Vulnerabilities > CVE-2001-0493 - Unspecified vulnerability in MAX Feoktistov Small Http Server 2.03
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN max-feoktistov
nessus
Summary
Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Web Servers |
| NASL id | HTTP_W98_DEVNAME_DOS.NASL |
| description | It was possible to freeze or reboot Windows by reading a MS/DOS device through HTTP, using a file name like CON\CON, AUX.htm, or AUX. An attacker could exploit this flaw to deny service to the affected system. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10930 |
| published | 2002-03-29 |
| reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10930 |
| title | Multiple Web Server on Windows MS/DOS Device Request Remote DOS |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html
- http://home.lanck.net/mf/srv/index.htm
- http://home.lanck.net/mf/srv/index.htm
- http://www.securityfocus.com/bid/2649
- http://www.securityfocus.com/bid/2649
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6446
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6446