Web Server HTTP Header Memory Exhaustion DoS

high Nessus Plugin ID 11084

Synopsis

The remote web server is vulnerable to the 'infinite request' attack.

Description

It was possible to kill the web server by sending an invalid 'infinite' HTTP request that never ends, like:
GET / HTTP/1.0 Referer: XXXXXXXXXXXXXXXXXXXXXXXX ...

An attacker may exploit this vulnerability to make your web server crash continually (if the attack saturates virtual memory on the target) or even execute arbitrary code on your system (in case of buffer / heap overflow).

Solution

Upgrade your software or protect it with a filtering reverse proxy.

Plugin Details

Severity: High

ID: 11084

File Name: www_infinite_request_DoS.nasl

Version: 1.46

Type: remote

Family: Web Servers

Published: 8/18/2002

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/8/2001

Reference Information

BID: 2465

Detections

Analytics