Maxpatrol 8 / Xspider Denial Of Service

2021.09.21
Credit: AsCiI
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Positive Technologies Maxpatrol 8 & Xspider Remote DoS (Force clients disconnect)
# Date: 2020-08-20
# Exploit Author: AsCiI
# Vendor Homepage: https://www.ptsecurity.com/
#
# Affected: Positive Technologies Maxpatrol 8 & Xspider Scanners
# Vulnerability reported in 09.2020. No reply from vendor.
# Tested on the newest release in 08.2020; the bug is probably not fixed.
# MP8 & Xspider use default port 2002 for client connections.
# 1. Connect to server with MP8 client
# 2. Go to any browser (I've used Chrome) on https://[server]:2002
# 3. Press F5 endlessly
# 4. It takes 1-4 minutes to crash MP8
# As I guess, every connection gets a randomly generated ID.
# When there are too many connections, you've got a chance to get
# an already present ID for a new connection.
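The author's guess about colliding connection IDs can be modeled as below, with the unchecked allocation next to a collision-checked one. This is an added example, not code from the advisory or from the vendor; the `SessionTable` class, the owner labels and the 12-bit ID width are assumptions made for illustration, since the advisory states none of them.

```python
import random

ID_BITS = 12  # assumed ID width; the advisory does not state the real one


class SessionTable:
    """Hypothetical connection table keyed by a randomly drawn ID."""

    def __init__(self, check_collisions, rng=None):
        self.check_collisions = check_collisions
        self.rng = rng or random.SystemRandom()
        self.live = {}  # conn_id -> owner label

    def open(self, owner):
        conn_id = self.rng.getrandbits(ID_BITS)
        if self.check_collisions:
            # Hardened: never hand out an ID that a live session holds.
            while conn_id in self.live:
                conn_id = self.rng.getrandbits(ID_BITS)
        # Unchecked path: a duplicate ID silently replaces the live owner.
        self.live[conn_id] = owner
        return conn_id

    def close(self, conn_id, owner):
        # Only the current owner of an ID may release it.
        if self.live.get(conn_id) == owner:
            del self.live[conn_id]


def connections_until_client_loses_id(check_collisions, attempts=200_000, seed=1):
    """Count short-lived connections opened before the long-lived client's
    ID is reassigned. Returns None if that never happens."""
    table = SessionTable(check_collisions, random.Random(seed))  # seeded: repeatable
    client_id = table.open("mp8-client")
    for n in range(1, attempts + 1):
        cid = table.open("browser")
        if table.live.get(client_id) != "mp8-client":
            return n  # the client's ID now points at another connection
        table.close(cid, "browser")
    return None


if __name__ == "__main__":
    print("unchecked:", connections_until_client_loses_id(False))
    print("checked:  ", connections_until_client_loses_id(True))
```

In this model the fix is the membership check before insertion; a wider ID space only makes the collision rarer.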

