Detections
Analytics
WindWeb <= 2.0 Malformed GET Request Remote DoS
medium Nessus Plugin ID 20097
Language:
Synopsis
The remote web server is prone to denial of service attacks.Description
The remote host appears to be running the WindWeb web server, which is found on embedded devices running Wind River Systems' VxWorks such as certain ADSL modems and routers.The version of WindWeb installed on the remote host is affected by a remote denial of service vulnerability when it receives maliciously- crafted requests. An attacker may be able to leverage this issue to deny access to the web server to legitimate users.
Solution
Limit access to the web server.See Also
https://downloads.securityfocus.com/vulnerabilities/exploits/Hasbani_dos.c
Plugin Details
Severity: Medium
ID: 20097
File Name: windweb_20_dos.nasl
Version: 1.15
Type: remote
Family: Web Servers
Published: 10/28/2005
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 10/27/2005
Reference Information
CVE: CVE-2005-3475
BID: 15225