Pi3Web Overly Long HTTP Request Denial Of Service Vulnerability

Bugtraq ID:	23713
Class:	Input Validation Error
CVE:	CVE-2007-2415
Remote:	Yes
Local:	No
Published:	Apr 30 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Gaurav Deshpande is credited with the discovery of this vulnerability.
Vulnerable:	Pi3Web Pi3Web 2.0.3
Not Vulnerable:	Pi3Web Server 2.0.3 PL2

Pi3Web Overly Long HTTP Request Denial Of Service Vulnerability

Pi3Web is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to terminate the affected application, denying service to legitimate users.

Pi3Web 2.0.3 for Windows is vulnerable; earlier versions may also be affected.

Pi3Web Overly Long HTTP Request Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Pi3Web Overly Long HTTP Request Denial Of Service Vulnerability

Solution:
The vendor has released version 2.0.3 PL2 to address this issue; please see the references for details.


Pi3Web Pi3Web 2.0.3

• Pi3Web Pi3Web-x86Win32-2_0_3-pl2.zip
  http://downloads.sourceforge.net/pi3web/Pi3Web-x86Win32-2_0_3-pl2.zip

Pi3Web Overly Long HTTP Request Denial Of Service Vulnerability

References:

• Pi3Web Homepage (Pi3.org)