LabVIEW Web Server服务拒绝漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106690 漏洞类型 未知
发布时间 2002-04-19 更新时间 2005-05-02
CVE编号 CVE-2002-0748 CNNVD-ID CNNVD-200208-177
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/21413
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200208-177
|漏洞详情
LabVIEWWebServer5.1.1至6.1版本存在漏洞。远程攻击者可以借助两个换行字符(而不是预定carriage返回/换行组合)尾部的HTTPGET请求导致服务拒绝(崩溃),
|漏洞EXP
source: http://www.securityfocus.com/bid/4577/info

A vulnerability has been reported in some versions of National Instruments LabVIEW for Linux and Microsoft Windows.

LabVIEW includes an integrated HTTP server. If a malformed HTTP request is received, it is possible to crash the LabVIEW Web Server and LabVIEW itself. This condition occurs when an HTTP GET request is received and terminated with two new line characters, as opposed to the compliant carriage return / new line combination.

GET\s/\sHTTP/1.0\n\n
|参考资料

来源:BID
名称:4577
链接:http://www.securityfocus.com/bid/4577
来源:XF
名称:labview-http-get-dos(8919)
链接:http://www.iss.net/security_center/static/8919.php
来源:digital.ni.com
链接:http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument
来源:BUGTRAQ
名称:20020423LabVIEWWebServerDoSVulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2002-04/0323.html
来源:OSVDB
名称:5119
链接:http://www.osvdb.org/5119