Multiple Vendor MIME Header DoS Vulnerability

Bugtraq ID:	1760
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-1999-0925 CVE-1999-0926
Remote:	Yes
Local:	Yes
Published:	Sep 03 1998 12:00AM
Updated:	Jul 11 2009 03:56AM
Credit:	The Apache DoS was originally discovered by Laurent Facq <[email protected]> on September 3, 1998. Additional information regarding UnityMail provided by Daniel Leeds <[email protected]>.
Vulnerable:	MessageMedia UnityMail 2.0 - Microsoft Windows NT 4.0 Apache Apache 1.3.1 Apache Apache 1.2.5
Not Vulnerable:

Multiple Vendor MIME Header DoS Vulnerability

Apache Web Server and MessageMedia UnityMail are susceptible to a denial of service attack if a significant amount of 8000 byte MIME headers are sent. Both will crash and restart of the application is required in order to regain normal functionality. Other web servers may be also be vulnerable to this attack.

Multiple Vendor MIME Header DoS Vulnerability

Laurent Facq <[email protected]> has released the following exploit:

• /data/vulnerabilities/exploits/mimeflood.pl

Multiple Vendor MIME Header DoS Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Multiple Vendor MIME Header DoS Vulnerability

References:

• Apache Software Foundation Homepage (Apache Software Foundation)
  
• UnityMail Product Homepage (MessageMedia)