Denial of Service using Partial GET Request in Mozilla Firefox 3.06

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052192 漏洞类型
发布时间 2009-02-13 更新时间 2009-02-13
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009020033
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
 ============================================================
!vuln
Mozilla Firefox 3.06
Previous versions may also be affected.
============================================================

============================================================
!risk
Medium
There are currently many users using Mozilla Firefox.
However, there has been no confirmation of remote execution
of arbitrary code yet.
============================================================

============================================================
!info
Tested on:
Windows Vista Version Service Pack 1 Build 6001
Processor Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz,
2401 Mhz, 2 Core(s), 2 Logical Processor(s)

User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US;
rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
(.NET CLR 3.5.30729)
============================================================

============================================================
!discussion
The Partial GET Request (HTTP 206 Status Code) of a WAV file
results in a Denial of Service of the application.

Last HTTP packet from Firefox before the DoS is listed below
in RAW format:
GET /fpaudio/footprints_waves.wav HTTP/1.1
Accept: */*
User-Agent: NSPlayer/11.0.6001.7001 WMFSDK/11.0
UA-CPU: x86
Accept-Encoding: gzip, deflate
Range: bytes=34848-
Unless-Modified-Since: Mon, 09 Jul 2007 12:44:57 GMT
If-Range: "4f0018-440f2-434d403204440"
Host: www.footprints-inthe-sand.com
Connection: Keep-Alive

The OK GET Request (HTTP 200 Status Code) of the WAV file is
listed below in RAW format:
GET /fpaudio/footprints_waves.wav HTTP/1.1
Accept: */*
User-Agent: Windows-Media-Player/10.00.00.3802
UA-CPU: x86
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: www.footprints-inthe-sand.com
============================================================

============================================================
!Proof of Concept
http://www.footprints-inthe-sand.com/index.php?page=
Poem/Poem.php
============================================================

============================================================
!solution
There is currently no solution. The vendor has not yet been 
notified.
============================================================

============================================================
!greetz
Greetz go out to the people who know me.
============================================================

============================================================
!author
Xia Shing Zee
============================================================