WindWeb <= 2.0 Malformed GET Request Remote DoS

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

The remote web server is prone to denial of service attacks.

Description :

The remote host appears to be running the WindWeb web server, which is
found on embedded devices running Wind River Systems' VxWorks, such as
certain ADSL modems and routers.

The version of WindWeb installed on the remote host is affected by a
remote denial of service vulnerability when it receives maliciously
crafted requests. An attacker may be able to leverage this issue to
deny legitimate users access to the web server.

See also :

http://downloads.securityfocus.com/vulnerabilities/exploits/Hasbani_dos.c

Solution :

Limit access to the web server.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 20097

Bugtraq ID: 15225

CVE ID: CVE-2005-3475