Polycom ViaVideo Web server multiple incomplete requests denial of service
| viavideo-inc-request-dos (10360) |  Medium Risk |
Description:
Polycom ViaVideo is vulnerable to a denial of service attack. A remote attacker could send multiple incomplete HTTP requests to the Web server listing on port 3603 to cause the server to consume 100% of the available CPU resources and deny any new connections.
Consequences:
Denial of Service
Remedy:
Refer to Polycom Security Advisory 02-002 for patch and workaround information. See References.
References:
- BugTraq Mailing List, 2002-10-13 19:27:54: Security vulnerabilities in Polycom ViaVideo Web component.
- Polycom Security Advisory 02-002: Preventing Vulnerabilities in ViaVideo Web Interface .
- BID-5962: Polycom ViaVideo Denial Of Service Vulnerability
- CVE-2002-1906: The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
Platforms Affected:
- Polycom ViaVideo 2.2
- Polycom ViaVideo 3.0
Reported:
Oct 13, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net