Vulnerabilities > CVE-2004-2496

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

nessus

exploit available

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.

Vulnerable Configurations

Part	Description	Count
Application	Opentext Opentext Opentext Firstclass 7.1 Opentext Opentext Firstclass 8.0	2

Exploit-Db

description	OpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS. CVE-2004-2496. Dos exploit for windows platform
id	EDB-ID:687
last seen	2016-01-31
modified	2004-12-15
published	2004-12-15
reporter	dila
source	https://www.exploit-db.com/download/687/
title	OpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS

Nessus

NASL family	Web Servers
NASL id	FIRSTCLASS_HTTP_DOS.NASL
description	The remote host is running OpenText FirstClass, a web-based unified messaging system. The remote version of this software is vulnerable to an unspecified denial of service attack that could allow an attacker to disable this service remotely.
last seen	2020-06-01
modified	2020-06-02
plugin id	15934
published	2004-12-11
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15934
title	OpenText FirstClass HTTP Daemon /Search Large Request Remote DoS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(15934); script_version ("1.17"); script_cve_id("CVE-2004-2496"); script_bugtraq_id(11877); script_name(english:"OpenText FirstClass HTTP Daemon /Search Large Request Remote DoS"); script_set_attribute(attribute:"synopsis", value: "The remote web server is susceptible to a denial of service attack." ); script_set_attribute(attribute:"description", value: "The remote host is running OpenText FirstClass, a web-based unified messaging system. The remote version of this software is vulnerable to an unspecified denial of service attack that could allow an attacker to disable this service remotely." ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Dec/338" ); script_set_attribute(attribute:"solution", value: "Upgrade to a version newer than FirstClass OpenText 8.0.0." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/11"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/12/14"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Checks for FirstClass"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"Web Servers"); script_dependencie("find_service1.nasl", "http_version.nasl"); script_require_ports("Services/www", 80); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); banner = get_http_banner(port:port); if(banner) { if(egrep(pattern:"^Server: FirstClass/([0-7]\.\|8\.0[^0-9])", string:banner)) security_hole(port); }

Vulnerabilities > CVE-2004-2496 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2004-2496"}]}

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References

Vulnerabilities > CVE-2004-2496