Faust Informatics Freestyle Chat Server Denial-of-Service Vulnerability

Vulnerability ID: 1106354 Vulnerability type: Unknown
Published: 2001-05-25 Updated: 2005-05-02
CVE ID: CVE-2001-0616 CNNVD-ID: CNNVD-200108-079
Platform: Windows CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20883
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-079
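|Vulnerability details
Faust Informatics Freestyle Chat server versions before 4.1 SR3 contain a vulnerability. A remote attacker can cause a denial of service via a URL request that contains an MS-DOS device name (e.g. GET /aux HTTP/1.0).
|Exploit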
source: http://www.securityfocus.com/bid/2777/info

A problem with the chat server makes it possible to deny service to legitimate users.

By submitting a request to the webserver including the 'AUX' MS-DOS device name, the webserver can be made to cease functioning.

The process has to be manually restarted to resume normal operation. 

http://www.server.com/aux
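
A defensive check for the issue described above, as an added example that is not part of the original advisory or the vendor's code: a request-path filter that rejects any segment resolving to a reserved MS-DOS device name before the server touches the file system. The function names and sample request lines are hypothetical, and the filter covers the full set of legacy device names rather than only AUX.

```python
import re
from urllib.parse import unquote

# Legacy MS-DOS device names that Windows resolves to devices, not files.
_RESERVED = re.compile(r"(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])", re.IGNORECASE)


def device_name_in_path(raw_path):
    """Return the first path segment that names a DOS device, else None."""
    # Only the path component reaches the file system; drop query and fragment.
    path = raw_path.split("?", 1)[0].split("#", 1)[0]
    # Decode a bounded number of times so %61ux and %2561ux are both caught.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    for segment in re.split(r"[/\\]", path):
        # Legacy name resolution ignores an extension, a stream suffix and
        # trailing spaces, so "aux.txt" and "aux ." still name the device.
        stem = segment.split(".", 1)[0].split(":", 1)[0].rstrip(" ")
        if _RESERVED.fullmatch(stem):
            return segment
    return None


def request_allowed(request_line):
    """True if an HTTP request line is well formed and names no DOS device."""
    parts = request_line.split()
    if len(parts) < 2:
        return False
    return device_name_in_path(parts[1]) is None


if __name__ == "__main__":
    # Constructed sample request lines.
    for line in ("GET /aux HTTP/1.0", "GET /chat/AUX.html HTTP/1.0",
                 "GET /chat/%61ux HTTP/1.0", "GET /auxiliary/index.html HTTP/1.0"):
        print("allow" if request_allowed(line) else "reject", line)
```

Running the check before any path is mapped to disk lets the server answer with an error response without ever opening the device.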
|References

Source: XF
Name: freestyle-chat-device-dos(6602)
Link: http://xforce.iss.net/static/6602.php
Source: BID
Name: 2777
Link: http://www.securityfocus.com/bid/2777
Source: BUGTRAQ
Name: 20010525 Advisory for Freestyle Chat server
Link: http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html