CVE-2004-0331 - Heap Overflow vulnerability in Dell OpenManage Web Server POST Request

CVSS 5.0 - MEDIUM

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Tags: network, low complexity, dell, metasploit

Summary

Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via an HTTP POST with a long application variable.

Vulnerable Configurations

Part: Application
Description: Dell
Count: 4

Metasploit

description: This module exploits a heap overflow in the Dell OpenManage Web Server (omws32.exe), versions 3.2-3.7.1. The vulnerability exists due to a boundary error within the handling of POST requests, where the application input is set to an overly long file name. This module will crash the web server, however it is likely exploitable under certain conditions.
id: MSF:AUXILIARY/DOS/HTTP/DELL_OPENMANAGE_POST
last seen: 2020-05-23
modified: 2017-11-08
published: 2009-06-23
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/dell_openmanage_post.rb
title: Dell OpenManage POST Request Heap Overflow (win32)