Re: [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS

From: Michel Arboi (arboi@yahoo.com)
Date: 07/18/02


Date: Thu, 18 Jul 2002 00:40:15 +0200 (CEST)
From: Michel Arboi <arboi@yahoo.com>
To: "Peter_Gründl" <pgrundl@kpmg.dk>, vulnwatch <vulnwatch@vulnwatch.org>


 --- Peter_Gründl <pgrundl@kpmg.dk> a écrit :
> A malicious user can tie up working threads on the web server. when
> the web server runs out of working threads, the web server will no
> longer service web requests.

FYI, I just wrote a Nessus plugin for this but did not test it against
Jigsaw yet. It just test the DoS and doesn't look at the banner ("safe
checks" mode)
Cf. jigsaw_msdos_dev_DoS.nasl

___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com



Relevant Pages