C++ Sockets Library HTTPSocket Class Remote Denial Of Service Vulnerability
BID:26361
Info
C++ Sockets Library HTTPSocket Class Remote Denial Of Service Vulnerability
| Bugtraq ID: | 26361 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-5893 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 05 2007 12:00AM |
| Updated: | Nov 16 2007 06:14PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
C++ Sockets Library C++ Sockets Library 2.2.4 C++ Sockets Library C++ Sockets Library 2.2.3 C++ Sockets Library C++ Sockets Library 2.2.2 C++ Sockets Library C++ Sockets Library 2.2.1 C++ Sockets Library C++ Sockets Library 2.2 |
| Not Vulnerable: |
C++ Sockets Library C++ Sockets Library 2.2.5 |
Discussion
C++ Sockets Library HTTPSocket Class Remote Denial Of Service Vulnerability
'HTTPSocket' class in C++ Sockets Library is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTML requests.
Remote attackers can exploit this issue to crash an application that uses the affected library, denying service to legitimate users.
This issue affects versions prior to C++ Sockets Library 2.2.5.
Note that all applications using the affected HTTPSocket class may be vulnerable.
'HTTPSocket' class in C++ Sockets Library is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTML requests.
Remote attackers can exploit this issue to crash an application that uses the affected library, denying service to legitimate users.
This issue affects versions prior to C++ Sockets Library 2.2.5.
Note that all applications using the affected HTTPSocket class may be vulnerable.
Exploit / POC
C++ Sockets Library HTTPSocket Class Remote Denial Of Service Vulnerability
Attacker can use common tools to generate and send invalid HTTP requests that will exploit the issue.
Attacker can use common tools to generate and send invalid HTTP requests that will exploit the issue.
Solution / Fix
C++ Sockets Library HTTPSocket Class Remote Denial Of Service Vulnerability
Solution:
The vendor released C++ Sockets Library 2.2.5 to address this issue. Please see the references for more information.
C++ Sockets Library C++ Sockets Library 2.2
C++ Sockets Library C++ Sockets Library 2.2.1
C++ Sockets Library C++ Sockets Library 2.2.2
C++ Sockets Library C++ Sockets Library 2.2.3
C++ Sockets Library C++ Sockets Library 2.2.4
Solution:
The vendor released C++ Sockets Library 2.2.5 to address this issue. Please see the references for more information.
C++ Sockets Library C++ Sockets Library 2.2
-
C++ Sockets Library Sockets-2.2.5.tar.gz
http://www.alhem.net/Sockets/Sockets-2.2.5.tar.gz
C++ Sockets Library C++ Sockets Library 2.2.1
-
C++ Sockets Library Sockets-2.2.5.tar.gz
http://www.alhem.net/Sockets/Sockets-2.2.5.tar.gz
C++ Sockets Library C++ Sockets Library 2.2.2
-
C++ Sockets Library Sockets-2.2.5.tar.gz
http://www.alhem.net/Sockets/Sockets-2.2.5.tar.gz
C++ Sockets Library C++ Sockets Library 2.2.3
-
C++ Sockets Library Sockets-2.2.5.tar.gz
http://www.alhem.net/Sockets/Sockets-2.2.5.tar.gz
C++ Sockets Library C++ Sockets Library 2.2.4
-
C++ Sockets Library Sockets-2.2.5.tar.gz
http://www.alhem.net/Sockets/Sockets-2.2.5.tar.gz
References
C++ Sockets Library HTTPSocket Class Remote Denial Of Service Vulnerability
References:
References:
- C++ Sockets Library 2.2.5 Release Notes (C++ Sockets Library)
- C++ Sockets Library Homepage (C++ Sockets Library)