BlueDragon Server/Server JX 6 Multiple Denial of Service Vulnerabilities

Vulnerability ID 1110508 Vulnerability type Design error
Published 2006-06-23 Updated 2006-06-27
CVE CVE-2006-2310 CNNVD-ID CNNVD-200606-498
Platform CFM CVSS score 5.0
|Source
https://www.exploit-db.com/exploits/28100
https://www.securityfocus.com/bid/18624
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-498
|Details
BlueDragon Server and Server JX 6.2.1.286 for Windows allow remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1 or (4) com2.
|Exploit
source: http://www.securityfocus.com/bid/18624/info

BlueDragon is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to efficiently handle malformed GET requests.

An attacker can exploit this issue to cause the service to stop responding, effectively denying service to legitimate users.

This issue affects version 6.2.1.286; other versions may also be vulnerable.

http://www.example.com/con.cfm
http://www.example.com/aux.cfm
http://www.example.com/com1.cfm
http://www.example.com/com2.cfm
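As an added example (not part of the advisory or the vendor's code), a defender-side check for the condition described above: it flags requests whose path contains a filename whose stem is a Windows reserved device name, matching case-insensitively and after URL decoding, and runs it over a few constructed access-log lines. The device list generalises beyond the four names on the page to the standard Windows set; the log lines and addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, unquote

# Windows reserved device names. The advisory names con, aux, com1 and com2;
# the full standard set is used here as a generalisation.
RESERVED_DEVICE_NAMES = frozenset(
    ["CON", "PRN", "AUX", "NUL"]
    + [f"COM{i}" for i in range(1, 10)]
    + [f"LPT{i}" for i in range(1, 10)]
)


def reserved_device_name(segment):
    """Return the reserved device name a path segment resolves to, else None.

    Windows treats the part before the first '.' as the name, ignoring case
    and trailing spaces or dots, so 'con.cfm' and 'COM1.cfm' reach the device.
    """
    stem = segment.split(".", 1)[0].rstrip(" .").upper()
    return stem if stem in RESERVED_DEVICE_NAMES else None


def request_hits_device(target):
    """Check every path segment of a request target (full URL or bare path)."""
    path = unquote(urlsplit(target).path)  # decode %xx before comparing
    for segment in path.split("/"):
        name = reserved_device_name(segment)
        if name:
            return name
    return None


# Constructed sample access-log lines in Common Log Format (not from the page).
SAMPLE_LOG = """\
10.0.0.5 - - [23/Jun/2006:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 512
10.0.0.7 - - [23/Jun/2006:10:00:02 +0000] "GET /con.cfm HTTP/1.1" 200 0
10.0.0.7 - - [23/Jun/2006:10:00:03 +0000] "GET /docs/COM1.cfm HTTP/1.1" 200 0
10.0.0.9 - - [23/Jun/2006:10:00:04 +0000] "GET /console.cfm HTTP/1.1" 200 880
10.0.0.7 - - [23/Jun/2006:10:00:05 +0000] "GET /%61ux.cfm HTTP/1.1" 200 0
"""

# client address and request target from a CLF line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/')


def flag_device_name_requests(log_text):
    """Return (client_ip, request_target, device) for each suspicious line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        device = request_hits_device(m.group(2))
        if device:
            hits.append((m.group(1), m.group(2), device))
    return hits
```

Note that `console.cfm` is not flagged: only the stem before the first dot is compared, so ordinary names that merely start with a device name do not trigger.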
|Affected products
New Atlanta BlueDragon Server JX 6.2.1.286
New Atlanta BlueDragon Server J2EE 6.2.1.286
New Atlanta BlueDragon Server 6.2.1.286
|References

Source: BID
Name: 18624
Link: http://www.securityfocus.com/bid/18624
Source: VUPEN
Name: ADV-2006-2502
Link: http://www.frsirt.com/english/advisories/2006/2502
Source: SECUNIA
Name: 19180
Link: http://secunia.com/advisories/19180
Source: MISC
Link: http://secunia.com/secunia_research/2006-18/advisory