JanaServer < 2.4.5 Multiple Remote DoS

High Nessus Plugin ID 15862


The remote service has multiple denial of service vulnerabilities.


According to its banner, the version of JanaServer running on the remote host has the following denial of service vulnerabilities:

- The 'http-server' module (TCP port 2506) does not correctly process requests containing many occurrences of the '%' character, causing it to consume a large amount of CPU resources.

- The 'pna-proxy' module (TCP port 1090) has an infinite loop vulnerability when it receives a data block size larger than the amount of data that is actually sent.

A remote attacker can reportedly freeze the server after fifteen or more attempts to exploit these vulnerabilities.
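The pna-proxy issue belongs to a familiar bug class: a read loop that trusts a declared block size. The C sketch below is an added example, not JanaServer's code (which this page does not show); `fake_peer`, `peer_read`, `read_block_flawed` and `read_block` are hypothetical names, and the input data is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a socket: hands out `avail` bytes in small
   chunks, then returns 0 the way recv() does once the peer is done. */
struct fake_peer { const unsigned char *data; size_t avail, pos; };
static long peer_read(struct fake_peer *p, unsigned char *dst, size_t want) {
    size_t left = p->avail - p->pos;
    size_t n = want < left ? want : left;
    if (n > 3) n = 3;
    memcpy(dst, p->data + p->pos, n);
    p->pos += n;
    return (long)n;
}

enum { BLOCK_OK = 0, BLOCK_TOO_BIG = -1, BLOCK_TRUNCATED = -2 };

/* Flawed: waits for `declared` bytes and retries on a 0-byte read, so a
   declared size larger than the data sent spins forever. `max_spins`
   only exists so this demo ends; returns the wasted iterations. */
static long read_block_flawed(struct fake_peer *p, unsigned char *buf, size_t declared, long max_spins) {
    size_t got = 0; long spins = 0;
    while (got < declared && spins < max_spins) {
        long n = peer_read(p, buf + got, declared - got);
        if (n > 0) got += (size_t)n; else spins++;
    }
    return spins;
}

/* Hardened: bound the declared size, and treat a 0-byte or failed read
   as a truncated block so the caller can drop the connection. */
static int read_block(struct fake_peer *p, unsigned char *buf, size_t cap, size_t declared) {
    size_t got = 0;
    if (declared > cap) return BLOCK_TOO_BIG;
    while (got < declared) {
        long n = peer_read(p, buf + got, declared - got);
        if (n <= 0) return BLOCK_TRUNCATED;
        got += (size_t)n;
    }
    return BLOCK_OK;
}

int main(void) {
    unsigned char buf[64];
    struct fake_peer a = { (const unsigned char *)"0123456789", 10, 0 }, b = a;
    printf("flawed spins: %ld\n", read_block_flawed(&a, buf, 32, 1000));
    printf("hardened: %d\n", read_block(&b, buf, sizeof buf, 32));
    return 0;
}
```

A real server also needs a read timeout, because a peer that stays connected but silent makes a blocking `recv()` wait rather than return 0.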


Upgrade to JanaServer 2.4.5 or later.


Plugin Details

Severity: High

ID: 15862

File Name: jana_server_dos.nasl

Version: $Revision: 1.10 $

Type: remote

Agent: windows

Family: Windows

Published: 2004/11/30

Modified: 2016/11/19

Dependencies: 10107

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2004/11/30

Reference Information

BID: 11780

OSVDB: 12172, 12173

Secunia: 13333