Fastream NETFile FTP/Web Server HEAD Request Saturation DoS

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote web server is prone to a denial of service attack.

Description :

The remote host appears to be running Fastream NETFile Server
version 7.1 or older. These versions do not close the connection when
an HTTP HEAD request is received with the keep-alive option set. An
attacker may exploit this flaw by sending multiple HEAD requests to
the remote host, consuming all of its file descriptors until it no
longer accepts connections.

See also :

http://users.pandora.be/bratax/advisories/b003.html

Solution :

Upgrade to version 7.1.3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 15764 (faststream_head_dos.nasl)

Bugtraq ID: 11687

CVE ID: CVE-2004-2534
