Behold! Software Counter.exe Remote Denial of Service Vulnerability


Vulnerability ID: 1105453 Vulnerability type: Input validation
Published: 1999-05-19 Updated: 2005-10-20
CVE ID: CVE-1999-1030
CNNVD-ID: CNNVD-199905-037
Platform: Multiple CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/19212
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199905-037
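|Vulnerability details
Counter.exe is a web hit counter product from Behold! Software. Counter.exe has a flaw that a remote attacker can use to cause a denial of service. A malicious user can attack by submitting a malformed request such as "http://www.example.com/scripts/counter.exe?%0A". Similarly, submitting a request of the form http://www.example.com/scripts/counter.exe?AAAAAA… followed by more than 2200 A's also causes a denial of service. All requests remain queued until the error is cleared, and system memory keeps being consumed.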
|Exploit
source: http://www.securityfocus.com/bid/267/info

A set of vulnerabilities in the counter.exe web hit counter program enables denial of service attacks.

A malicious user can create a malformed entry like ",1" in the counter.log file by requesting a URL of the form "http://www.example.com/scripts/counter.exe?%0A". Any further request will result in an Access Violation in counter.exe.

A similar vulnerability exists if a user requests a URL of the form "http://www.example.com/scripts/counter.exe?AAAAA" with over 2200 A's.

All further requests for counter.exe are queued and are not processed until the error messages are cleared at the console. System memory may be decremented each time a request for counter.exe is queued.
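
For defenders, the two request shapes described above can be looked for in web server access logs. The following is an added example, not code from the advisory or the vendor: it assumes Common Log Format entries, the sample log lines are constructed, and flagging an encoded carriage return alongside `%0A` is an assumption that goes beyond the advisory's single case.

```python
import re
from urllib.parse import unquote_to_bytes

# Threshold taken from the advisory text ("over 2200 A's").
MAX_QUERY_LEN = 2200
# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')


def classify(target):
    """Return the reasons a request target matches the advisory, or []."""
    path, _, query = target.partition("?")
    if not path.lower().endswith("/counter.exe"):
        return []
    reasons = []
    decoded = unquote_to_bytes(query)
    # Case 1: encoded line break in the query (the advisory's "?%0A" request).
    # Carriage return is included as an assumption, not stated by the advisory.
    if b"\n" in decoded or b"\r" in decoded:
        reasons.append("line-break-in-query")
    # Case 2: query string longer than the length the advisory reports.
    if len(decoded) > MAX_QUERY_LEN:
        reasons.append("oversized-query")
    return reasons


def scan(lines):
    """Yield (line_number, client, reasons) for each matching log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = classify(match.group("target"))
        if reasons:
            yield number, line.split(" ", 1)[0], reasons


# Constructed sample log lines (not from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/May/1999:10:00:01 +0000] "GET /scripts/counter.exe?page1 HTTP/1.0" 200 120',
    '192.0.2.66 - - [19/May/1999:10:00:05 +0000] "GET /scripts/counter.exe?%0A HTTP/1.0" 200 0',
    '192.0.2.67 - - [19/May/1999:10:00:09 +0000] "GET /scripts/Counter.exe?' + "A" * 2300 + ' HTTP/1.0" 500 0',
    '192.0.2.11 - - [19/May/1999:10:00:12 +0000] "GET /index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for number, client, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {client} -> {', '.join(reasons)}")
```
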
|References

Source: BID
Name: 267
Link: http://www.securityfocus.com/bid/267
Source: NTBUGTRAQ
Name: 19990519 Denial of Service in Counter.exe version 2.70
Link: http://marc.theaimsgroup.com/?l=ntbugtraq&m=92707671717292&w=2
Source: BUGTRAQ
Name: 19990519 Denial of Service in Counter.exe version 2.70
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=92713790426690&w=2
Source: NSFOCUS
Name: 3947
Link: http://www.nsfocus.net/vulndb/3947
