CVE-2004-2120
Published 2004-01-23
CVE-2004-2120: Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version.
Priority P4 18 · medium 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.06% (86.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| reptile_web_server | reptile_web_server | — | — |
No detection rules found.
Exploit-DB
Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution
exploitdb·2004-08-23
CVE-2004-2425 Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution
---
source: https://www.securityfocus.com/bid/11011/info
1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks.
This issue is reported to affect:
- Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.34 thru 2.40
- Axis 2130 network cameras
- Axis 2401 and 2401 video servers
http://www.example.com/axis-cgi/io/virtualinput.cgi?\x60cat/mnt/flash/etc/httpd/html/passwd\x60
Exploit-DB
Reptile Web Server Reptile Web Server 20020105 - Denial of Service
exploitdb·2004-01-23
CVE-2004-2120 Reptile Web Server Reptile Web Server 20020105 - Denial of Service
---
source: https://www.securityfocus.com/bid/9482/info
Reptile has been reported prone to a remote denial of service vulnerability. It has been reported that this issue exists because the affected server does not time out on incomplete requests. A remote attacker may exploit this vulnerability to deny service to legitimate users.
To test the vulnerability, simply send to the webserver some (about 10)
strings like:
GET index.htm
without specifying the HTTP* at the end of the GET request, and where
the requested file must be available in the public_html directory.
No writeups or analysis indexed.
- http://marc.info/?l=bugtraq&m=107497355713434&w=2
- http://securitytracker.com/id?1008842
- http://www.autistici.org/fdonato/advisory/reptilewsDailyVersion-adv.txt
- http://www.securityfocus.com/bid/9482
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14932