Vulnerabilities > CVE-2003-1084 - Denial of Service vulnerability in Monit HTTP Content-Length Parameter

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
tildeslash
nessus

Summary

Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200403-14.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200403-14 (Multiple Security Vulnerabilities in Monit) A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to cause an unexpected condition that could lead to the Monit daemon crashing. An overly long http request method may cause a buffer overflow due to Monit performing insufficient bounds checking when handling HTTP requests. Impact : An attacker may crash the Monit daemon to create a denial of service condition or cause a buffer overflow that would allow arbitrary code to be executed with root privileges. Workaround : A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
last seen2020-06-01
modified2020-06-02
plugin id14465
published2004-08-30
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14465
titleGLSA-200403-14 : Multiple Security Vulnerabilities in Monit