GoAhead WebServer Post Content-Length Remote Resource Consumption Vulnerability
BID:9452
Info
GoAhead WebServer Post Content-Length Remote Resource Consumption Vulnerability
| Bugtraq ID: | 9452 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2004 12:00AM |
| Updated: | Jan 19 2004 12:00AM |
| Credit: | Discovery credited to Luigi Auriemma. |
| Vulnerable: |
GoAhead Software GoAhead WebServer 2.1.8 GoAhead Software GoAhead WebServer 2.1.7 GoAhead Software GoAhead WebServer 2.1.6 GoAhead Software GoAhead WebServer 2.1.5 GoAhead Software GoAhead WebServer 2.1.4 GoAhead Software GoAhead WebServer 2.1.3 GoAhead Software GoAhead WebServer 2.1.2 GoAhead Software GoAhead WebServer 2.1.1 GoAhead Software GoAhead WebServer 2.1 GoAhead Software GoAhead WebServer 2.0 |
| Not Vulnerable: | |
Discussion
GoAhead WebServer Post Content-Length Remote Resource Consumption Vulnerability
A problem in the handling of unusual HTTP requests and content-length sizes may cause a vulnerable GoAhead WebServer to become unstable. Because of this, a remote attacker may be able consume excessive resources on the underlying host, resulting in a denial of service condition.
A problem in the handling of unusual HTTP requests and content-length sizes may cause a vulnerable GoAhead WebServer to become unstable. Because of this, a remote attacker may be able consume excessive resources on the underlying host, resulting in a denial of service condition.
Exploit / POC
GoAhead WebServer Post Content-Length Remote Resource Consumption Vulnerability
An exploit has been made available by Luigi Auriemma at the following location:
http://aluigi.altervista.org/poc/webpostmem.zip
An exploit has been made available by Luigi Auriemma at the following location:
http://aluigi.altervista.org/poc/webpostmem.zip
Solution / Fix
GoAhead WebServer Post Content-Length Remote Resource Consumption Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
GoAhead WebServer Post Content-Length Remote Resource Consumption Vulnerability
References:
References:
- GoAhead WebServer Product Homepage (GoAhead Software)
- Resources consumption in Goahead webserver <= 2.1.8 (Luigi Auriemma
)