Test ID: 1.3.6.1.4.1.25623.1.0.900402
Category: Denial of Service
Title: Pi3Web ISAPI Requests Handling DoS Vulnerability
Summary: Pi3Web is prone to an ISAPI request handling DoS vulnerability.
Description:
Summary:
Pi3Web is prone to an ISAPI request handling DoS vulnerability.

Vulnerability Insight:
This vulnerability is due to insufficient checks on incoming HTTP
requests in the 'ISAPI' directory. This can be exploited via 'install.daf',
'readme.daf', or 'users.txt' files in the affected directory.

Vulnerability Impact:
Successful exploitation will crash the Pi3Web server.

Affected Software/OS:
Pi3Web.org Pi3Web version 2.0.13 and prior on all running platforms.

Solution:
- Disable ISAPI mapping in the server configuration under Server Admin -> Mapping tab.

- Delete the users.txt, install.daf and readme.daf files in the ISAPI folder.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Cross-reference: BugTraq ID: 32287
Common Vulnerability Exposure (CVE) ID: CVE-2008-6938
http://www.securityfocus.com/bid/32287
Bugtraq: 20081122 Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
http://www.securityfocus.com/archive/1/498575
Bugtraq: 20081122 Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.html
Bugtraq: 20081201 Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
http://www.securityfocus.com/archive/1/498602
http://www.securityfocus.com/archive/1/498770
http://www.securityfocus.com/archive/1/498771
Bugtraq: 20081203 Re: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
http://www.securityfocus.com/archive/1/498865
https://www.exploit-db.com/exploits/7109
http://www.osvdb.org/49998
http://www.osvdb.org/49999
http://secunia.com/advisories/32696
XForce ISS Database: pi3web-isapi-dos(46600)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46600
Copyright: Copyright (C) 2008 SecPod

© 1998-2020 E-Soft Inc. All rights reserved.