JanaServer < 2.4.5 Multiple Remote DoS

high Nessus Plugin ID 15862

Synopsis

The remote service has multiple denial of service vulnerabilities.

Description

According to its banner, the version of JanaServer running on the remote host has the following denial of service vulnerabilities :

- The 'http-server' module (TCP port 2506) does not correctly process requests containing a lot of occurences of the '%' character, causing it to consume a large amount of CPU resources.

- The 'pna-proxy' module (TCP port 1090) has an infinite loop vulnerability when it receives a data block size larger than the amount of data that is actually sent.

A remote attacker can reportedly freeze the server after fifteen or more attempts to exploit these vulnerabilities.

Solution

Upgrade to JanaServer 2.4.5 or later.

See Also

https://seclists.org/bugtraq/2004/Nov/401

Plugin Details

Severity: High

ID: 15862

File Name: jana_server_dos.nasl

Version: 1.12

Type: remote

Agent: windows

Family: Windows

Published: 11/30/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/30/2004

Reference Information

BID: 11780

Secunia: 13333