header-logo
Suggest Exploit
vendor:
HTTP Server and Websphere
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: HTTP Server and Websphere
Affected Version From: IBM HTTP Server and Websphere
Affected Version To: IBM HTTP Server and Websphere
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

IBM HTTP Server and Websphere Denial of Service Vulnerability

IBM HTTP Server and Websphere are subject to a denial of service caused by exhausting computer resources with malformed HTTP GET requests. A restart of the service is required inorder to gain normal functionality. The exploit is triggered by sending a malformed HTTP GET request with the following syntax: GET / HTTP/1.0user-agent: 20000xnull

Mitigation:

Restart the service to gain normal functionality.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2175/info

IBM HTTP Server contains AfpaCache directive which turns the Fast Response Cache Accelerator function on or off. WebSphere is a series of applications which are built upon IBM HTTP Server.

Both IBM HTTP Server and Websphere are subject to a denial of service. This is caused by exhausting computer resources with malformed HTTP GET requests. A restart of the service is required inorder to gain normal functionality.

GET / HTTP/1.0\r\nuser-agent: 20000xnull\r\n\r\n

This request must be made multiple times before the system will freeze.

Navigation

Suggest Exploit

Services By CQR