| VID |
22319 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The relevant host is running a version of Fastream NETFile Web Server older than 7.1.3. Fastream NETFile Web Server is a multi-threaded Web server for Microsoft Windows 2000/XP/2003. Fastream NETFile Server versions 7.1.2 and earlier are vulnerable to a denial of service attack, caused by improper processing of 'keepalive' connection timeouts for HTTP HEAD requests. By creating many simultaneous HTTP HEAD requests to the vulnerable server, a remote attacker could cause it to consume all available connections and deny service to other users.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the result may be a false positive.
* References: http://securitytracker.com/alerts/2004/Nov/1012267.html
* Platforms Affected: Fastream Technologies, Fastream NETFile Server versions 7.1.2 and earlier; Microsoft Windows 2000 Any version; Microsoft Windows XP; Microsoft Windows 2003 Server |
| Recommendation |
Upgrade to the latest version of Fastream NETFile Server (7.1.3 or later), available from the Fastream Technologies Web site: http://www.fastream.com/netfileserver.htm |
| Related URL |
CVE-2004-2534 (CVE) |
| Related URL |
11687 (SecurityFocus) |
| Related URL |
18192 (ISS) |
|