Geo++ GNCASTER HTTP GET Request Denial Of Service Vulnerability
BID:40009
Info
| Bugtraq ID: | 40009 |
| Class: | Input Validation Error |
| CVE: | CVE-2010-0552 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 27 2010 12:00AM |
| Updated: | Jan 27 2010 12:00AM |
| Credit: | RedTeam Pentesting GmbH |
| Vulnerable: | Geo++ GNCASTER 1.4.0.7 |
| Not Vulnerable: | Geo++ GNCASTER 1.4.0.8 |
Discussion
Geo++ GNCASTER is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the application to crash, resulting in a denial-of-service condition. Arbitrary code execution may also be possible; this has not been confirmed.
Geo++ GNCASTER 1.4.0.7 is vulnerable; other versions may also be affected.
Exploit / POC
The following proof of concept is available:
Solution / Fix
Solution:
Vendor updates are available. Please contact the vendor for more information.
References
References:
- [RT-SA-2010-001] Geo++(R) GNCASTER: Insecure handling of long URLs (RedTeam Pentesting)
- Geo++ GNCASTER Homepage (Geo++)