IBM HTTP Server and Websphere Fast Response Cache Accelerator (FRCA) AfpaCache Kernel Leak Denial-of-Service Vulnerability

Vulnerability ID: 1106158
Vulnerability type: Unknown
Published: 2001-01-08
Updated: 2006-08-31
CVE ID: CVE-2001-0122
CNNVD-ID: CNNVD-200103-074
Platform: Multiple
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20531
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200103-074
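|Vulnerability details
A kernel leak vulnerability exists in the AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52. A remote attacker can cause a denial of service via a series of malformed HTTP requests that generate "bad request" errors.
|Vulnerability EXP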
source: http://www.securityfocus.com/bid/2175/info

IBM HTTP Server contains the AfpaCache directive, which turns the Fast Response Cache Accelerator function on or off. WebSphere is a series of applications built upon IBM HTTP Server.

Both IBM HTTP Server and Websphere are subject to a denial of service, caused by exhausting computer resources with malformed HTTP GET requests. A restart of the service is required in order to regain normal functionality.

GET / HTTP/1.0\r\nuser-agent: 20000xnull\r\n\r\n

This request must be made multiple times before the system will freeze.
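
A defensive check for the request pattern described above, as an added example that is not part of the original advisory: it flags raw requests whose header values contain NUL bytes or exceed a length limit, and counts repeats per source. Reading "20000xnull" as a run of NUL bytes, the 8190-byte limit, the repeat threshold and the sample requests are all assumptions.

```python
# Added example: flag raw HTTP requests whose header values carry NUL bytes
# or are abnormally long, then report sources that send them repeatedly.
MAX_HEADER_VALUE = 8190   # assumed per-header size limit in bytes
BURST_THRESHOLD = 3       # assumed: flagged requests per source before alerting


def inspect_request(raw: bytes) -> list:
    """Return the reasons a raw HTTP request looks malformed (empty if clean)."""
    reasons = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(b":")
        if not sep:
            reasons.append("header line without ':'")
            continue
        label = name.decode("latin-1").strip().lower()
        if b"\x00" in value:
            reasons.append(f"NUL byte in {label}")
        if len(value) > MAX_HEADER_VALUE:
            reasons.append(f"oversized {label} ({len(value)} bytes)")
    return reasons


def sources_to_alert(requests):
    """requests: iterable of (source_ip, raw_bytes); return sources at or over the threshold."""
    counts = {}
    for src, raw in requests:
        if inspect_request(raw):
            counts[src] = counts.get(src, 0) + 1
    return sorted(s for s, n in counts.items() if n >= BURST_THRESHOLD)


# Constructed sample traffic (192.0.2.0/24 is a documentation range).
NORMAL = b"GET / HTTP/1.0\r\nUser-Agent: Mozilla/4.0\r\n\r\n"
NUL_UA = b"GET / HTTP/1.0\r\nuser-agent: " + b"\x00" * 16 + b"\r\n\r\n"
LONG_UA = b"GET / HTTP/1.0\r\nuser-agent: " + b"A" * 9000 + b"\r\n\r\n"
SAMPLE = ([("192.0.2.10", NORMAL)] * 5
          + [("192.0.2.66", NUL_UA)] * 4
          + [("192.0.2.77", LONG_UA)] * 2)

if __name__ == "__main__":
    for src, raw in SAMPLE:
        print(src, inspect_request(raw))
    print("alert on:", sources_to_alert(SAMPLE))
```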
|References

Source: BID
Name: 2175
Link: http://www.securityfocus.com/bid/2175
Source: BUGTRAQ
Name: 20010108 def-2001-02: IBM Websphere 3.52 Kernel Leak DoS
Link: http://archives.neohapsis.com/archives/bugtraq/2001-01/0079.html
Source: www-4.ibm.com
Link: http://www-4.ibm.com/software/webservers/security.html
Source: XF
Name: ibm-websphere-dos(5900)
Link: http://xforce.iss.net/static/5900.php
Source: BUGTRAQ
Name: 20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release)
Link: http://archives.neohapsis.com/archives/bugtraq/2001-03/0061.html