Mailing List Archive

nessus-plugins/scripts iis_buffer_overflow.nasl,1.26,1.27
Update of /usr/local/cvs/nessus-plugins/scripts
In directory raccoon.nessus.org:/tmp/cvs-serv77410

Modified Files:
iis_buffer_overflow.nasl
Log Message:
o Several proxies close the connection whenever they see a URL that is too long. This
fix resolves a false positive against an Apache server protected by a transparent
proxy.



Index: iis_buffer_overflow.nasl
===================================================================
RCS file: /usr/local/cvs/nessus-plugins/scripts/iis_buffer_overflow.nasl,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- iis_buffer_overflow.nasl 14 Jan 2003 09:55:52 -0000 1.26
+++ iis_buffer_overflow.nasl 14 Jan 2003 16:22:25 -0000 1.27
@@ -78,14 +78,23 @@


if(http_is_dead(port:port))exit(0);
- data = http_get(item:string(crap(4096), ".htr"), port:port);
+ data1 = http_get(item:string(crap(4096), ".html"), port:port);

+ data2 = http_get(item:string(crap(4096), ".htr"), port:port);

soc = http_open_socket(port);
if(soc)
{
- send(socket:soc, data:data);
+ send(socket:soc, data:data1);

b = recv_line(socket:soc, length:4096);
http_close_socket(soc);

+ if(!strlen(b))exit(0);

+
+ soc = http_open_socket(port);
+ if(!soc)exit(0);
+ send(socket:soc, data:data2);
+ b = recv_line(socket:soc, length:4096);

+ http_close_socket(soc);

if(!strlen(b))security_hole(port);
+
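Review bot: The final `if(!strlen(b))security_hole(port);` still bases the verdict on a single empty read of the `.htr` reply, so a timeout, a transient network drop, or a proxy that filters on the `.htr` extension rather than on URL length will still be reported as a hole. The control request only rules out devices that drop both long URLs. Consider confirming that the service actually stopped answering, for example by calling `http_is_dead(port:port)` (already used at the top of this hunk) before `security_hole(port)`. A short comment above the `data1` line saying that the `.html` request is a control for length-filtering proxies would also help, since the silent `exit(0)` after it is otherwise not self-explanatory.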