Maxpatrol 8 / Xspider Denial Of Service

2021.09.21

Credit: AsCiI

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Positive Technologies Maxpatrol 8 & Xspider Remote DoS (Force clients disconect)
# Date: 2020-08-20
# Exploit Author: AsCiI
# Vendor Homepage: https://www.ptsecurity.com/
#
# Affected Positive Technologies Maxpatrol 8 & Xspider Scanners
# Vulnerability reported in 09.2020. No reply from vendor. Tested on the newest release in 08.2020 probably bug not fixed
# MP8&Xspider uses 2002 default port for clientы connections.
# 1. Connect to server with MP8 client
# 2. Go to any browser (I've used Chrome) on https://[server]:2002
# 3. Press f5 endlessly
# 4. It takes 1-4 munutes to crash MP8
# As 1 guess, every connection get randomly generated ID
# When there to much connections, you've got a chance to get
# present ID for a new connection.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Maxpatrol 8 / Xspider Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.