Snort-alerts/WEB-MISC-Compaq-web-based-management-agent-denial-of-service-attempt
WEB-MISC Compaq web-based management agent denial of service attempt
Identification
| Id | 2394 |
|---|---|
| Alert | WEB-MISC Compaq web-based management agent denial of service attempt |
| Classification | web-application-attack |
Trigger
Compaq Web-Based Management Agent is used to perform remote system administration for Windows hosts. A vulnerability exists in the software when traffic is sent to access to Compaq Web-Based Management Agent that contains a malformed request, possibly causing the service to crash. URL requests that contain the characters "<!>" or "<!" followed by arguments followed by ">" cause the denial of service to occur. Note that the rule uses an initial keyword of "content" instead of "uricontent" since uricontent only examines web server ports identified in the pre-processor http_inspect in the configuration setup. Default configurations do not include port 2301 as a web server port, preventing the event from being generated.
Affected systems
Host running Compaq Web-Based Management Agent.
Impact
Denial of Service
False positives
None known
Scenario
An attacker can send a malformed request to the listening service, causing the system to crash.
Example
Thank you for your comprehension.
Corrective actions
Block inbound port 2301 traffic or restrict access to known authorized IP addresses.