Vulnerabilities > CVE-2001-0558 - Unspecified vulnerability in T. Hauck Jana web Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
t-hauck
nessus
exploit available

Summary

T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).

Exploit-Db

descriptionT. Hauck Jana Server 1.45/1.46/2.0 MS-DOS Device Name DoS Vulnerability. CVE-2001-0558. Dos exploit for windows platform
idEDB-ID:20830
last seen2016-02-02
modified2001-05-07
published2001-05-07
reporterneme-dhc
sourcehttps://www.exploit-db.com/download/20830/
titleT. Hauck Jana Server 1.45/1.46/2.0 - MS-DOS Device Name DoS Vulnerability

Nessus

NASL familyWeb Servers
NASL idHTTP_W98_DEVNAME_DOS.NASL
descriptionIt was possible to freeze or reboot Windows by reading a MS/DOS device through HTTP, using a file name like CON\CON, AUX.htm, or AUX. An attacker could exploit this flaw to deny service to the affected system.
last seen2020-06-01
modified2020-06-02
plugin id10930
published2002-03-29
reporterThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10930
titleMultiple Web Server on Windows MS/DOS Device Request Remote DOS