CVE-2004-0331
Published 2004-11-23
Priority: P4 · 31 · medium · 5 · CVSS 2.0
CVSS vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 15.83% (96.5th percentile)
Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | openmanage | — | — |
| dell | openmanage | — | — |
| dell | openmanage | — | — |
| dell | openmanage | — | — |
Detection & IOCs (extracted from sources)
- Detect oversized HTTP POST requests targeting Dell OpenManage Web Server; the overflow is triggered by an excessively long application/file name variable in the POST body.
- Monitor for unexpected crashes or termination of the omws32.exe process following inbound HTTP POST requests, which may indicate exploitation attempts.
- Affected versions span a wider range (3.2–3.7.1) than the single version cited in the CVE description; ensure detection/patching coverage includes all versions in this range.
- The Metasploit module is classified as a DoS auxiliary but notes the vulnerability may be further exploitable beyond a crash under certain conditions.
References
- http://marc.info/?l=bugtraq&m=107781539829143&w=2
- http://sh0dan.org/files/domadv.txt
- http://www.securityfocus.com/bid/9750
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15325