JanaServer < 2.4.5 Multiple Remote DoS
High Nessus Plugin ID 15862
Synopsis
The remote service has multiple denial of service vulnerabilities.
Description
According to its banner, the version of JanaServer running on the remote host has the following denial of service vulnerabilities:
- The 'http-server' module (TCP port 2506) does not correctly process requests containing many occurrences of the '%' character, causing it to consume a large amount of CPU resources.
- The 'pna-proxy' module (TCP port 1090) has an infinite loop vulnerability when it receives a data block size larger than the amount of data that is actually sent.
A remote attacker can reportedly freeze the server after fifteen or more attempts to exploit these vulnerabilities.
Solution
Upgrade to JanaServer 2.4.5 or later.