Vulnerabilities > CVE-2005-4806 - Denial-Of-Service vulnerability in SUN Java System web Proxy Server 3.6

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
sun
nessus
NVD
Published: 2005-12-31
Updated: 2011-03-08

Summary

Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Sun
8

Nessus

NASL familyWeb Servers
NASL idSUNONE_WEBPROXY_DOS.NASL
descriptionThe remote host is running Java System Web Proxy Server / Sun ONE Web Proxy Server. According to its banner, the installed Web Proxy Server reportedly suffers from an unspecified remote denial of service vulnerability. By exploiting this flaw, an attacker could cause the affected application to fail to respond to further requests.
last seen2020-06-01
modified2020-06-02
plugin id19697
published2005-09-14
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/19697
titleSun Java System Web Proxy Server Multiple Unspecified Remote DoS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description) {
  script_id(19697);
  script_version("1.15");

  script_cve_id("CVE-2005-4806");
  script_bugtraq_id(14788);

  script_name(english:"Sun Java System Web Proxy Server Multiple Unspecified Remote DoS");
 
  script_set_attribute(attribute:"synopsis", value:
"The remote proxy server is prone to a denial of service attack." );
  script_set_attribute(attribute:"description", value:
"The remote host is running Java System Web Proxy Server / Sun ONE Web
Proxy Server. 

According to its banner, the installed Web Proxy Server reportedly
suffers from an unspecified remote denial of service vulnerability. 
By exploiting this flaw, an attacker could cause the affected
application to fail to respond to further requests." );
  # http://web.archive.org/web/20060523234118/http://sunsolve.sun.com/search/document.do?assetkey=1-26-101913-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9e566f57");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Web Proxy Server 3.6 Service Pack 8 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/09/14");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/09/09");
  script_set_attribute(attribute:"patch_publication_date", value: "2005/09/08");
  script_cvs_date("Date: 2018/07/31 17:27:57");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_summary(english:"Checks for unspecified remote denial of service vulnerability in Sun Java System Web Proxy Server");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_dependencies("http_version.nasl");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:80);

banner = http_get_cache(port:port, item: "/", exit_on_fail: 1);
if (
  "Web-Proxy-Server/" >< banner &&
  banner =~ "^Forwarded: .* \(Sun-.+-Web-Proxy-Server/([0-2]\..*|3\.([0-5]\..*|6(\)|-SP[0-7])))"
) security_warning(port);

References