HTTP: BadBlue Invalid GET Denial of Service
This signature detects attempts to exploit a known vulnerability against Working Resources BadBlue Web server. Attackers can send a maliciously crafted HTTP GET request to the Web server to disable the daemon and render it unusable until restarted.
Extended Description
Working Resources BadBlue is reportedly prone to a denial of service condition when handling malformed GET requests. It has been discovered that BadBlue does not properly handle requests that do not adhere to RFC standards. When a user connects to BadBlue via the listening port, and issues a "GET HTTP/1.0" request without specifying a document, BadBlue becomes unstable. In most cases, the process will crash.
Affected Products
Working_resources_inc. badblue_enterprise_edition
Short Name
HTTP:BADBLUE:INVALID-GET-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
BadBlue CVE-2002-1023 Denial GET Invalid Service bid:5187 of
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Working_resources_inc.
CVSS Score
5.0