JanaServer < 2.4.5 Multiple Remote DoS

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote service has multiple denial of service vulnerabilities.

Description :

According to its banner, the version of JanaServer running on the
remote host has the following denial of service vulnerabilities :

- The 'http-server' module (TCP port 2506) does not
correctly process requests containing a lot of
occurrences of the '%' character, causing it to
consume a large amount of CPU resources.

- The 'pna-proxy' module (TCP port 1090) has an infinite
loop vulnerability when it receives a data block size
larger than the amount of data that is actually sent.

A remote attacker can reportedly freeze the server after fifteen or
more attempts to exploit these vulnerabilities.

Solution :

Upgrade to JanaServer 2.4.5 or later.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 15862 (jana_server_dos.nasl)

Bugtraq ID: 11780
