Fastream NETFile FTP/Web Server HEAD Request Saturation DoS

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote web server is prone to a denial of service attack.

Description :

The remote host appears to be running Fastream NETFile Server
version 7.1 or older. These versions do not close the connection when
an HTTP HEAD request is received with the keep-alive option set. An
attacker may exploit this flaw by sending multiple HEAD requests to
the remote host, consuming all of its file descriptors until it no
longer accepts connections.

See also :

http://users.pandora.be/bratax/advisories/b003.html

Solution :

Upgrade to version 7.1.3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 15764 (faststream_head_dos.nasl)

Bugtraq ID: 11687

CVE ID: CVE-2004-2534