[Snort-sigs] Unify eWave ServletExec DoS

Keith Pachulski Keith.Pachulski at ...2...
Tue Oct 31 09:36:06 EST 2000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"Unify eWave
ServletExec DoS"; flags:PA content:"servlet/ServletExec")

Unify eWave ServletExec DoS
       
        For example, if ServletExec is running on 10.0.0.1 as a plug-
        in to a web server on port 80, an attacker can open a
        connection to port 80 and make the following GET request that
        causes the servlet engine to terminate abruptly.

        nc 10.0.0.1 80
        GET /servlet/ServletExec HTTP/1.0

        Or simply access the URL http://10.0.0.1/servlet/ServletExec
        from a browser to the same effect.

        ServletExec generates java.net.BindException and kills the
        servlet engine.

Keith Pachulski
Network Security Engineer
PenTeleData Internet Services
Phone: (800) 281-3564 ext. 277
URL: http://www.engr.ptd.net
PGP Key: http://www.protectors.cc/pgpkey.txt

"A Firewall is really much like a sophisticated traffic cop; it
detects and stops unauthorized or suspicious movement in or out of
the network. But security is more than a Firewall; it's a process.
You can't just put in a Firewall and think you're secure."

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOf7Z2+GTq6qVSXTQEQI1ugCgsE9pdhVWqT6bQzDU5okXht4KRr8An3v8
uXyoDmUm6Utu6fxS2ZuG9GKF
=37JR
-----END PGP SIGNATURE-----



More information about the Snort-sigs mailing list