Polycom ViaVideo Web Server Incomplete HTTP Connection Saturation Remote DoS

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by a remote denial of service
vulnerability.

Description :

The remote web server locks up when several incomplete web
requests are sent and the connections are kept open.

Some servers (e.g. Polycom ViaVideo) even run an endless loop,
using much CPU on the machine. Nessus has no way to test this,
but you'd better check your machine.

See also :

http://archives.neohapsis.com/archives/bugtraq/2002-10/0191.html
http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf

Solution :

Contact your vendor for a patch.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 11825 (incomplete_http_requests_DoS.nasl)

Bugtraq ID: 5962

CVE ID: CVE-2002-1906