Vulnerabilities > CVE-2004-0331 - Unspecified vulnerability in Dell Openmanage

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

dell

metasploit

NVD

Published: 2004-11-23

Updated: 2017-07-11

Summary

Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Openmanage 3.4 Dell Openmanage 3.7.1 Dell Openmanage 3.7 Dell Openmanage 3.2	4

Metasploit

description	This module exploits a heap overflow in the Dell OpenManage Web Server (omws32.exe), versions 3.2-3.7.1. The vulnerability exists due to a boundary error within the handling of POST requests, where the application input is set to an overly long file name. This module will crash the web server, however it is likely exploitable under certain conditions.
id	MSF:AUXILIARY/DOS/HTTP/DELL_OPENMANAGE_POST
last seen	2020-05-23
modified	2017-11-08
published	2009-06-23
references	http://archives.neohapsis.com/archives/bugtraq/2004-02/0650.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0331
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/dell_openmanage_post.rb
title	Dell OpenManage POST Request Heap Overflow (win32)

Summary

Vulnerable Configurations

Metasploit

References