Microsoft ASP.NET MS-DOS Device Name DoS (PCI-DSS check)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

A framework used by the remote web server has a denial of service
vulnerability.

Description :

The web server running on the remote host appears to be using Microsoft
ASP.NET, and may be affected by a denial of service vulnerability.
Requesting a URL containing an MS-DOS device name can cause the web
server to become temporarily unresponsive. An attacker could repeatedly
request these URLs, resulting in a denial of service.

Additionally, there is speculation that this vulnerability could result
in code execution if an attacker with physical access to the machine
connects to a serial port.

This plugin does not attempt to exploit the vulnerability and only runs
when 'Check for PCI-DSS compliance' is enabled in the scan policy. This
plugin reports all web servers using ASP.NET 1.1. If it cannot
determine the version, it will report all web servers using ASP.NET.
Manual verification is required to determine if a vulnerability is
present.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0377.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0419.html
http://www.nessus.org/u?d32fbf50

Solution :

Use an ISAPI filter to block requests for URLs with MS-DOS
device names.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 64589 ()

Bugtraq ID: 51527

CVE ID: CVE-2007-2897