Vulnerability Details : CVE-2004-0331
Public exploit exists!
Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2004-0331
- cpe:2.3:a:dell:openmanage:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:dell:openmanage:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:dell:openmanage:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:dell:openmanage:3.7.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0331
95.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2004-0331
-
Dell OpenManage POST Request Heap Overflow (win32)
Disclosure Date: 2004-02-26First seen: 2020-04-26auxiliary/dos/http/dell_openmanage_postThis module exploits a heap overflow in the Dell OpenManage Web Server (omws32.exe), versions 3.2-3.7.1. The vulnerability exists due to a boundary error within the handling of POST requests, where the application input is set to an overly long file name. Thi
CVSS scores for CVE-2004-0331
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2004-0331
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15325
-
http://sh0dan.org/files/domadv.txt
-
http://www.securityfocus.com/bid/9750
Dell OpenManage Web Server POST Request Heap Overflow VulnerabilityPatch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=107781539829143&w=2
Jump to