Xylogics Annex Terminal Service ping CGI Program DoS

Severity: High, Nessus Plugin ID 10017

Synopsis

The remote host is vulnerable to a denial of service.

Description

It was possible to crash the remote Annex terminal by connecting to its HTTP port and requesting the '/ping' CGI script with an argument that is too long. For example:

http://www.example.com/ping?query=AAAAA(...)AAAAA

Solution

Remove the '/ping' CGI script from your web server.

Plugin Details

Severity: High

ID: 10017

File Name: annex_dos.nasl

Version: 1.41

Type: remote

Family: CGI abuses

Published: 6/22/1999

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 7/25/1998

Reference Information

CVE: CVE-1999-1070