Vulnerabilities > CVE-2004-2496 - Remote Denial Of Service vulnerability in OpenText FirstClass HTTP Daemon Search Function

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
opentext
nessus
exploit available

Summary

The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.

Vulnerable Configurations

Part Description Count
Application
Opentext
2

Exploit-Db

descriptionOpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS. CVE-2004-2496. Dos exploit for windows platform
idEDB-ID:687
last seen2016-01-31
modified2004-12-15
published2004-12-15
reporterdila
sourcehttps://www.exploit-db.com/download/687/
titleOpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS

Nessus

NASL familyWeb Servers
NASL idFIRSTCLASS_HTTP_DOS.NASL
descriptionThe remote host is running OpenText FirstClass, a web-based unified messaging system. The remote version of this software is vulnerable to an unspecified denial of service attack that could allow an attacker to disable this service remotely.
last seen2020-06-01
modified2020-06-02
plugin id15934
published2004-12-11
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15934
titleOpenText FirstClass HTTP Daemon /Search Large Request Remote DoS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
 script_id(15934);
 script_version ("1.17");
 script_cve_id("CVE-2004-2496");
 script_bugtraq_id(11877);
 
 script_name(english:"OpenText FirstClass HTTP Daemon /Search Large Request Remote DoS");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server is susceptible to a denial of service attack." );
 script_set_attribute(attribute:"description", value:
"The remote host is running OpenText FirstClass, a web-based unified
messaging system. 

The remote version of this software is vulnerable to an unspecified
denial of service attack that could allow an attacker to disable this
service remotely." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Dec/338" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to a version newer than FirstClass OpenText 8.0.0." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");


 script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/11");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/12/14");
 script_cvs_date("Date: 2018/11/15 20:50:25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 script_summary(english:"Checks for FirstClass");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"Web Servers");
 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

banner = get_http_banner(port:port);
if(banner)
{ 
  if(egrep(pattern:"^Server: FirstClass/([0-7]\.|8\.0[^0-9])", string:banner))
   	security_hole(port);
}