Test ID: 1.3.6.1.4.1.25623.1.0.10930
Category: Denial of Service
Title: HTTP Windows 98 MS/DOS device names DOS
Summary: It was possible to freeze or reboot Windows by reading an MS/DOS device through HTTP, using a file name like CON\CON, AUX.htm or AUX.
Description:

Vulnerability Impact:
An attacker may use this flaw to make your system crash continuously, preventing you from working properly.

Affected Software/OS:
Known vulnerable servers:

vWebServer v1.2.0 (and others?)

AnalogX SimpleServer:WWW 1.08 (CVE-2001-0386)

Small HTTP server 2.03 (CVE-2001-0493)

acWEB HTTP server?

Xitami Web Server (BID:2622, CVE-2001-0391)

Jana Web Server (BID:2704, CVE-2001-0558)

Cyberstop Web Server (BID:3929, CVE-2002-0200)

General Windows MS-DOS Device (BID:1043, CVE-2000-0168)

Apache < 2.0.44 (CVE-2003-0016)

Domino 5.0.7 and earlier (CVE-2001-0602, BID: 2575)

Darwin Streaming Server v4.1.3e (CVE-2003-0421)

Darwin Streaming Server v4.1.3f (CVE-2003-0502)

Solution:
Upgrade the system or use an HTTP server that filters those names out.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2001-0386
BugTraq ID: 2608
http://www.securityfocus.com/bid/2608
Bugtraq: 20010417 Advisory for SimpleServer:WWW (analogX)
http://www.securityfocus.com/archive/1/177156
http://www.osvdb.org/3781
XForce ISS Database: analogx-simpleserver-aux-dos(6395)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6395
Common Vulnerability Exposure (CVE) ID: CVE-2001-0493
BugTraq ID: 2649
http://www.securityfocus.com/bid/2649
Bugtraq: 20010424 Advisory for Small HTTP Server
http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html
XForce ISS Database: small-http-aux-dos(6446)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6446
Common Vulnerability Exposure (CVE) ID: CVE-2001-0391
Bugtraq: 20010417 Advisory for Xitami 2.4d7, 2.5d4
http://archives.neohapsis.com/archives/bugtraq/2001-04/0277.html
Common Vulnerability Exposure (CVE) ID: CVE-2001-0558
BugTraq ID: 2704
http://www.securityfocus.com/bid/2704
Bugtraq: 20010507 Advisory for Jana server
http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
http://www.osvdb.org/1817
XForce ISS Database: jana-server-device-dos(6521)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6521
Common Vulnerability Exposure (CVE) ID: CVE-2002-0200
BugTraq ID: 3929
http://www.securityfocus.com/bid/3929
Bugtraq: 20020122 CyberStop-Server-DoS-remote-attacks
http://marc.info/?l=bugtraq&m=101174569103289&w=2
http://www.iss.net/security_center/static/7959.php
Common Vulnerability Exposure (CVE) ID: CVE-2000-0168
BugTraq ID: 1043
http://www.securityfocus.com/bid/1043
Bugtraq: 20000306 con\con is a old thing (anyway is cool)
http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com
Microsoft Security Bulletin: MS00-017
http://www.securityfocus.com/templates/advisory.html?id=2126
XForce ISS Database: win-dos-devicename-dos
Common Vulnerability Exposure (CVE) ID: CVE-2003-0016
BugTraq ID: 6659
http://www.securityfocus.com/bid/6659
CERT/CC vulnerability note: VU#825177
http://www.kb.cert.org/vuls/id/825177
CERT/CC vulnerability note: VU#979793
http://www.kb.cert.org/vuls/id/979793
http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
XForce ISS Database: apache-device-code-execution(11125)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11125
XForce ISS Database: apache-device-name-dos(11124)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11124
Common Vulnerability Exposure (CVE) ID: CVE-2001-0602
Bugtraq: 20010411 def-2001-20: Lotus Domino Multiple DoS
http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
XForce ISS Database: lotus-domino-device-dos(6348)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6348
Common Vulnerability Exposure (CVE) ID: CVE-2003-0421
http://www.rapid7.com/advisories/R7-0015.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0502
Copyright: Copyright (C) 2001 Michel Arboi
