Polycom ViaVideo Web Server Incomplete HTTP Connection Saturation Remote DoS

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by a remote denial of service
vulnerability.

Description :

The remote web server locks up when several incomplete web
requests are sent and the connections are kept open.

Some servers (e.g. Polycom ViaVideo) even run an endless loop,
using much CPU on the machine. Nessus has no way to test this,
but you'd better check your machine.

See also :

http://archives.neohapsis.com/archives/bugtraq/2002-10/0191.html
http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf

Solution :

Contact your vendor for a patch.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 11825 (incomplete_http_requests_DoS.nasl)

Bugtraq ID: 5962

CVE ID: CVE-2002-1906

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial