| VID |
22311 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Jana Server, according to its banner, has multiple remote denial of service vulnerabilities. Jana Server 2 is a commercially available proxy server designed for the Microsoft Windows platforms. It contains support for services such as HTTP, FTP, email, and RealPlayer streaming. Jana Server versions 2.4.4 and earlier are vulnerable to multiple remote denial of service vulnerabilities. A remote attacker could send specially-crafted data to the http-server module listening on TCP port 2506 and the pna-proxy module listening on TCP port 1090 to cause the server to enter into an infinite loop, effectively denying service to legitimate users.
* Note: This check solely relied on the banner of the remote HTTP server to assess this vulnerability, so this might be a false positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2004-11/0395.html
http://packetstormsecurity.nl/0411-advisories/janados.txt
* Platforms Affected:
Thomas Hauck, Jana Server 2.4.4 and earlier
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Jana Server (2.4.5 or later), available from the Jana Server Web site at http://www.janaserver.de |
| Related URL |
(CVE) |
| Related URL |
11780 (SecurityFocus) |
| Related URL |
18308 (ISS) |
|
