ServletExec 4.1 / JRun ISAPI Multiple DoS

Critical | Nessus Plugin ID 10958

Synopsis

The remote web server is prone to a denial of service attack.

Description

By sending an overly long request for a .jsp file, it is possible to crash the remote web server.

This problem is known as the ServletExec / JRun ISAPI DoS.

Solution

Download patch #9 from ftp://ftp.newatlanta.com/public/4_1/patches/

See Also

https://www.westpoint.ltd.uk/advisories/wp-02-0006.txt

Plugin Details

Severity: Critical

ID: 10958

File Name: servletExec_DoS.nasl

Version: 1.31

Type: remote

Family: CGI abuses

Published: 5/22/2002

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: www/too_long_url_crash

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/22/2002

Reference Information

CVE: CVE-2000-0681, CVE-2002-0894

BID: 1570, 4796