Polycom ViaVideo Web Server Incomplete HTTP Connection Saturation Remote DoS

medium Nessus Plugin ID 11825

Language:

Synopsis

The remote web server is affected by a remote denial of service vulnerability.

Description

The remote web server locks up when several incomplete web requests are sent and the connections are kept open.

Some servers (e.g. Polycom ViaVideo) even run an endless loop, using much CPU on the machine. Nessus has no way to test this, but you'd better check your machine.

Solution

Contact your vendor for a patch.

See Also

https://seclists.org/bugtraq/2002/Oct/195

http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf

Plugin Details

Severity: Medium

ID: 11825

File Name: incomplete_http_requests_DoS.nasl

Version: 1.24

Type: remote

Family: Web Servers

Published: 9/1/2003

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2002-1906

BID: 5962