Signature Detail

Short Name	HTTP:OVERFLOW:JANA-PRXY-OF1
Severity	Medium
Recommended	No
Category	HTTP
Keywords	JanaServer HTTP Proxy Version Buffer Overflow
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: JanaServer HTTP Proxy Version Buffer Overflow

This signature detects attempts to exploit a known vulnerability against JanaServer HTTP Server, an Internet gateway for Windows. JanaServer 2.21 and prior are vulnerable. Attackers can send a maliciously crafted GET request to overflow the buffer.

Extended Description

Jana Server is a server for Microsoft Windows based systems. Jana Server provides a wide range of proxy servers, and a number of other services. A SMTP gateway service is provided. A buffer overflow vulnerability has been reported in the SMTP gateway service. A malicious server may return an oversized reply to Jana Server. This may result in the corruption of process memory, and the vulnerable server crashing.

Affected Products

T. Hauck Jana Webserver 1.0.0
T. Hauck Jana Webserver 1.45.0
T. Hauck Jana Webserver 1.46.0
T. Hauck Jana Webserver 2.0.0
T. Hauck Jana Webserver 2.0.0 Beta1
T. Hauck Jana Webserver 2.0.0 Beta2
T. Hauck Jana Webserver 2.2.1

References

BugTraq: 5324
CVE: CVE-2002-1061
URL: http://online.securityfocus.com/archive/1/284473
URL: http://www.iss.net/security_center/static/9685.php
URL: http://nvd.nist.gov/nvd.cfm?cvename=CAN-2002-1061

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: JanaServer HTTP Proxy Version Buffer Overflow

Extended Description

Affected Products

References