| VID |
22317 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The relevant host is running a version of NetworkActive Web Server which is older or equal to 1.0. NetworkActiv Web Server is a simple and easy to use web server (HTTP server). NetworkActiv Web Server versions 1.0 prior to 28 September 2004 are vulnerable to a remote denial of service vulnerability, caused by an input validation error when handling HTTP requests. This vulnerability could be exploited to cause a vulnerable server to consume a large amount of CPU resources by sending an HTTP GET request containing the URL encoded representation of the "%" character (%25).
* Note: This check solely relied on the banner of the remote HTTP server to assess this vulnerability, so this might be a False Positive.
* References:
http://secunia.com/advisories/12719/
* Platforms Affected:
NetworkActiv Web Server versions 1.0 prior to 28 September 2004
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of NetworkActiv Web Server (1.0 dated 2004/09/28 or later), available from the NetworkActiv Web Server Web site at http://www.networkactiv.com/WebServer.html |
| Related URL |
(CVE) |
| Related URL |
11326 (SecurityFocus) |
| Related URL |
17599 (ISS) |
|
