Detections
Analytics
Microsoft ASP.NET MS-DOS Device Name DoS (PCI-DSS check)
medium Nessus Plugin ID 64589
Language:
Synopsis
A framework used by the remote web server has a denial of service vulnerability.Description
The web server running on the remote host appears to be using Microsoft ASP.NET, and may be affected by a denial of service vulnerability. Requesting a URL containing an MS-DOS device name can cause the web server to become temporarily unresponsive. An attacker could repeatedly request these URLs, resulting in a denial of service.Additionally, there is speculation that this vulnerability could result in code execution if an attacker with physical access to the machine connects to a serial port.
This plugin does not attempt to exploit the vulnerability and only runs when 'Check for PCI-DSS compliance' is enabled in the scan policy. This plugin reports all web servers using ASP.NET 1.1. If it cannot determine the version, it will report all web servers using ASP.NET. Manual verification is required to determine if a vulnerability is present.
Solution
Use an ISAPI filter to block requests for URLs with MS-DOS device names.See Also
https://seclists.org/fulldisclosure/2007/May/378
Plugin Details
Severity: Medium
ID: 64589
File Name: asp_net_device_dos2.nasl
Version: 1.9
Type: remote
Family: Web Servers
Published: 2/13/2013
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
CVSS Score Rationale: An in-depth analysis by tenable researchers revealed this to be a dos only exploit.
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: manual
Vulnerability Information
CPE: cpe:/a:microsoft:asp.net, cpe:/o:microsoft:windows
Required KB Items: Settings/PCI_DSS
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 5/22/2007
Reference Information
CVE: CVE-2007-2897
BID: 51527