Web Server HTTP Header Memory Exhaustion DoS

This script is Copyright (C) 2002-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is vulnerable to the 'infinite request' attack.

Description :

It was possible to kill the web server by sending an invalid 'infinite'
HTTP request that never ends, like:
GET / HTTP/1.0
Referer: XXXXXXXXXXXXXXXXXXXXXXXX ...


An attacker may exploit this vulnerability to make your web server crash
continually (if the attack saturates virtual memory on the target) or
even execute arbitrary code on your system (in case of buffer / heap
overflow).

Solution :

Upgrade your software or protect it with a filtering reverse proxy.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 11084 ()

Bugtraq ID: 2465

CVE ID:

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial