Vulnerability Details : CVE-2004-0331
Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2004-0331
Probability of exploitation activity in the next 30 days: 95.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2004-0331
-
Dell OpenManage POST Request Heap Overflow (win32)
Disclosure Date : 2004-02-26auxiliary/dos/http/dell_openmanage_postThis module exploits a heap overflow in the Dell OpenManage Web Server (omws32.exe), versions 3.2-3.7.1. The vulnerability exists due to a boundary error within the handling of POST requests, where the application input is set to an overly long file name. This module will crash the web server, however it is likely exploitable under certain conditions. Authors: - aushack <[email protected]>
CVSS scores for CVE-2004-0331
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
[email protected] |
References for CVE-2004-0331
Products affected by CVE-2004-0331
- cpe:2.3:a:dell:openmanage:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:dell:openmanage:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:dell:openmanage:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:dell:openmanage:3.7.1:*:*:*:*:*:*:*