BID:13322

OneWorldStore CHKSettings.ASP Remote Denial Of Service Vulnerability

Info

OneWorldStore CHKSettings.ASP Remote Denial Of Service Vulnerability

Bugtraq ID:	13322
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Apr 22 2005 12:00AM
Updated:	Apr 22 2005 12:00AM
Credit:	Discovery of this issue is credited to Lostmon.
Vulnerable:	OneWorldStore OneWorldStore

Not Vulnerable:

Discussion

OneWorldStore CHKSettings.ASP Remote Denial Of Service Vulnerability

OneWorldStore is prone to a remote denial of service vulnerability. The issue manifests when a request is made for the 'chksettings.asp' script.

A remote attacker may exploit this issue to deny service for legitimate users.

Exploit / POC

OneWorldStore CHKSettings.ASP Remote Denial Of Service Vulnerability

No exploit is required.

Solution / Fix

OneWorldStore CHKSettings.ASP Remote Denial Of Service Vulnerability

Solution:
The vendor recommends that customers fix this issue by removing the affected file '/owConnections/chksettings.asp'. OneWorldStore Editions no longer employ the affected file.

References

OneWorldStore CHKSettings.ASP Remote Denial Of Service Vulnerability

References:

OneWorldStore Critical Failure (Lostmon)
OneWorldStore Homepage (OneWorldStore)
Security Advisory: April_20_2005_Lostmon (OneWorldStore)