Overview
Monit fails to properly handle HTTP requests containing a negative Content-Length field.
Description
Monit is a utility to monitor system processes, files, directories, devices, and remote hosts. It provides a web-based interface that can be used to access the Monit server. When processing HTTP requests, Monit fails to properly sanitize the Content-Length field. By supplying a negative value for the Content-Length field of an HTTP request, an unauthenticated, remote attacker could cause the Monit daemon to crash.
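The C sketch below is an added example, not Monit's source code, showing why a signed Content-Length is dangerous and how a strict parser rejects it before the value is used as a size. The names `naive_content_length`, `parse_content_length` and `MAX_BODY_BYTES` are hypothetical, and the 1 MiB cap is an assumption.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound on a request body; pick one that fits the service. */
#define MAX_BODY_BYTES (1024ULL * 1024ULL)

/* Naive pattern (generic illustration): atol() accepts a sign, so "-1"
 * yields -1, which becomes SIZE_MAX once it is used as a size_t length. */
long naive_content_length(const char *value) { return atol(value); }

/* Strict parser: returns 0 and sets *out on success, -1 on rejection. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;
    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')   /* optional leading whitespace */
        value++;
    /* Require a digit first: strtoull() would otherwise accept "-1" and
     * wrap it to a huge positive number. Also rejects "+5" and "". */
    if (!isdigit((unsigned char)*value))
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || n > MAX_BODY_BYTES)
        return -1;
    while (*end == ' ' || *end == '\t')       /* optional trailing whitespace */
        end++;
    if (*end != '\0')                         /* trailing junk such as "12abc" */
        return -1;
    *out = (size_t)n;
    return 0;
}

int main(void)
{
    const char *samples[] = { "42", "-1", "+5", "12abc", "1048577" }; /* constructed */
    size_t len = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s naive=%ld strict=%s\n", samples[i], naive_content_length(samples[i]),
               parse_content_length(samples[i], &len) == 0 ? "accept" : "reject");
    return 0;
}
```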
Impact
A remote, unauthenticated attacker could cause the Monit daemon to crash, resulting in a denial-of-service condition.
Solution
Upgrade to Monit version 4.1.1 or later.
Acknowledgements
This vulnerability was reported by Evgeny Legerov of S-Quadra.
This document was written by Damon Morda.
Other Information
CVE IDs: None
Severity Metric: 1.27
Date Public: 2004-03-31
Date First Published: 2004-04-06
Date Last Updated: 2004-04-06 14:14 UTC
Document Revision: 16