DDIVRT-2008-18 Orb Denial of Service

2008.12.05
Credit: DDI.VulnerabilityAlert_at_ddifrontline.com
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2008-5564
CWE: NVD-CWE-noinfo


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Title ----- DDIVRT-2008-18 Orb Denial of Service Severity -------- Medium Date Discovered --------------- October 21st 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Steven James and r_at_b13$ Vulnerability Description ------------------------- Orb Networks' Orb media server is vulnerable to a denial of service condition. Sending malformed http requests may crash the service denying service to legitimate users. Solution Description -------------------- Use firewall rules to restrict access to authorized users of the Orb server. This issue has been fixed in version 2.01.0025, which is available on Orb's website. Tested Systems / Software (with versions) ------------------------------------------ Orb version 2.01.0017 on Windows XP Pro SP2 Nullsoft Winamp Remote Server Beta (featuring Orb version 2.01.0013) on Windows XP Pro SP2 Orb version 2.01.0020 on Windows XP Pro SP2 Vendor Contact -------------- Orb Networks http://www.orb.com

References:

http://www.securityfocus.com/archive/1/archive/1/498904/100/0/threaded


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top