This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.
The remote service has multiple denial of service vulnerabilities.
According to its banner, the version of JanaServer running on the
remote host has the following denial of service vulnerabilities :
- The 'http-server' module (TCP port 2506) does not correctly process requests containing a lot of occurrences of the '%' character, causing it to consume a large amount of CPU resources.
- The 'pna-proxy' module (TCP port 1090) has an infinite loop vulnerability when it receives a data block size larger than the amount of data that is actually sent.
A remote attacker can reportedly freeze the server after fifteen or
more attempts to exploit these vulnerabilities.
Upgrade to JanaServer 2.4.5 or later.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true
Nessus Plugin ID: 15862 (jana_server_dos.nasl)
Bugtraq ID: 11780