GetWare Web Server Component Content-Length Value Remote Denial Of Service Vulnerability
BID:9451
Info
GetWare Web Server Component Content-Length Value Remote Denial Of Service Vulnerability
| Bugtraq ID: | 9451 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2004 12:00AM |
| Updated: | Jan 19 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Luigi Auriemma <[email protected]>. |
| Vulnerable: |
GetWare WebCam Live 2.0.1 GetWare PhotoHost 4.0 |
| Not Vulnerable: | |
Discussion
GetWare Web Server Component Content-Length Value Remote Denial Of Service Vulnerability
The GetWare Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives malicious HTTP requests that contain negative values for the Content-Length field in the HTTP header.
A remote attacker may exploit this issue to deny service to the GetWare Web Server.
The GetWare Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives malicious HTTP requests that contain negative values for the Content-Length field in the HTTP header.
A remote attacker may exploit this issue to deny service to the GetWare Web Server.
Exploit / POC
GetWare Web Server Component Content-Length Value Remote Denial Of Service Vulnerability
The following proof of concept has been supplied:
The following proof of concept has been supplied:
Solution / Fix
GetWare Web Server Component Content-Length Value Remote Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
GetWare Web Server Component Content-Length Value Remote Denial Of Service Vulnerability
References:
References:
- GetWare Product Homepage (GetWare)
- Denial of service in Getware's built-in webserver (Webcam Live and Photohost) (Luigi Auriemma
)