Loom Software SurfNow Remote HTTP GET Request Denial Of Service Vulnerability
BID:9519
Info
Loom Software SurfNow Remote HTTP GET Request Denial Of Service Vulnerability
| Bugtraq ID: | 9519 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2004-2129 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 28 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Vulnerability discovery credited to Donato Ferrante. |
| Vulnerable: |
Loom Software SurfNOW Standart 2.2 Loom Software SurfNOW Standart 2.1 Loom Software SurfNOW Standart 2.0 Loom Software SurfNOW Standart 1.6 Loom Software SurfNOW Standart 1.5 Loom Software SurfNOW Standart 1.4 Loom Software SurfNOW Standart 1.2 Loom Software SurfNOW Professional 2.2 Loom Software SurfNOW Professional 2.1 Loom Software SurfNOW Professional 2.0 Loom Software SurfNOW Professional 1.6 Loom Software SurfNOW Professional 1.5 Loom Software SurfNOW Professional 1.4 Loom Software SurfNOW Professional 1.2 |
| Not Vulnerable: | |
Discussion
Loom Software SurfNow Remote HTTP GET Request Denial Of Service Vulnerability
A problem has been identified in the handling of specific types of requests by SurfNOW. Upon receiving specially crafted HTTP GET requests, it is possible for a remote attacker to crash a vulnerable implementation, denying service to the user.
A problem has been identified in the handling of specific types of requests by SurfNOW. Upon receiving specially crafted HTTP GET requests, it is possible for a remote attacker to crash a vulnerable implementation, denying service to the user.
Exploit / POC
Loom Software SurfNow Remote HTTP GET Request Denial Of Service Vulnerability
The following proof-of-concept has been made available by Donato Ferrante:
GET \aaaaaaaaaaaaa[ 490 kb of a ]aaaa HTTP/1.1\n\n\n
The following proof-of-concept has been made available by Donato Ferrante:
GET \aaaaaaaaaaaaa[ 490 kb of a ]aaaa HTTP/1.1\n\n\n
Solution / Fix
Loom Software SurfNow Remote HTTP GET Request Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Loom Software SurfNow Remote HTTP GET Request Denial Of Service Vulnerability
References:
References:
- Company Homepage (Loom Software)
- Denial Of Service in SurfNOW 2.2 ("Donato Ferrante"
)