Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:
CVE Vulnerabilities
38433
Checklists
128
US-CERT Alerts
179
US-CERT Vuln Notes
2345
OVAL Queries
2517
CPE Names
17819

Last updated: Tue Aug 25 22:15:42 EDT 2009

CVE Publication rate: 17.47

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 10.37

About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber-Alert System

Vulnerability Summary for CVE-2007-0120

Original release date:01/09/2007
Last revised:11/15/2008
Source: US-CERT/NIST

Overview

Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:1.9 (LOW) (AV:L/AC:M/Au:N/C:N/I:N/A:P) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 3.4
CVSS Version 2 Metrics:
Access Vector: Locally exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type:Allows disruption of serviceUnknown

Vendor Statments (disclaimer)

Official Statement from Acunetix Limited (01/31/2007)
Information about HTTP Sniffer: The HTTP Sniffer is an in-build proxy server in Acunetix WVS which purpose is to analyse web traffic between a web client (browser) and a web server. By default this tool is not enabled and when enabled it accepts traffic only from the same computer running Acunetix WVS (Localhost). The default TCP port used in 8080. This means that when the HTTP Sniffer is enabled, it is only enabled on the local network interface and no one from the network can access the HTTP Sniffer port. How the exploit works: The exploit works by sending a specially crafted packet containing an invalid Content-Length field in the HTTP header to the TCP port on which the HTTP Sniffer is listening. This causes the application to crash (Denial of Service). Since the HTTP Sniffer component by default is enabled only on the local network interface, it is not possible to take advantage of this exploit remotely. The user has to manually change the listening interface from within the application’s configuration to make the HTTP Sniffer available on the network for this exploit to work remotely. Solution: Upgrade to the latest version of Acunetix WVS (v4.0 build 20060717 or later)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF
Name: acunetix-content-length-dos(31279)
Type: Patch Information
Hyperlink:http://xforce.iss.net/xforce/xfdb/31279
External Source: BID
Name: 21898
Hyperlink:http://www.securityfocus.com/bid/21898
External Source: MILW0RM
Name: 3078
Type: Advisory
Hyperlink:http://www.milw0rm.com/exploits/3078
External Source: OSVDB
Name: 37580
Hyperlink:http://osvdb.org/37580
External Source: MILW0RM
Name: 3078
Hyperlink:http://milw0rm.com/exploits/3078

Vulnerable software and versions

Nav control imageConfiguration 1
spacerNav control imageOR
spacerspacerNav control image* cpe:/a:acunetix:web_vulnerability_scanner:4.0_build_2006-07-17 and previous versions
* Denotes Vulnerable Software
* Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)
CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0120