Multiple Denial of Service Vulnerabilities in JanaServer 2

vendor:

JanaServer 2

by:

7.5

CVSS

HIGH

Denial of Service

CWE

Product Name: JanaServer 2

Affected Version From: JanaServer 2

Affected Version To: JanaServer 2

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows

Multiple Denial of Service Vulnerabilities in JanaServer 2

JanaServer 2, a commercially available proxy server for Windows, is vulnerable to multiple denial of service attacks. The vulnerabilities occur due to the application's inability to handle malformed network communications. The first vulnerability occurs when the application receives malformed HTTP requests, while the second vulnerability occurs when it processes malformed RealPlayer streaming data. An attacker can exploit these vulnerabilities to cause the proxy server to hang, resulting in a denial of service for legitimate users.

Mitigation:

No known mitigation at this time.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11780/info

JanaServer 2 is a commercially available proxy server designed for the Microsoft Windows platform. It contains support for services such as HTTP, FTP, email, and RealPlayer streaming.

Multiple remote denial of service vulnerabilities affect JanaServer 2. These issues are due to a failure of the application to handle malformed network communications.

The first issue presents itself when malformed HTTP requests are made to the affected application. The second issue presents itself when the application attempts to process malformed RealPlayer streaming data.

An attacker may leverage these issues to cause the affected proxy server to hang, effectively denying service to legitimate users.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24793.zip