Web Crossing Web Server Component Remote Denial Of Service Vulnerability
BID:9576
Info
Web Crossing Web Server Component Remote Denial Of Service Vulnerability
| Bugtraq ID: | 9576 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 04 2004 12:00AM |
| Updated: | Feb 04 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Peter Winter-Smith. |
| Vulnerable: |
Web Crossing Inc Web Crossing 5.0 Web Crossing Inc Web Crossing 4.0 |
| Not Vulnerable: |
Web Crossing Inc Web Crossing 5.0 09FEB04 |
Discussion
Web Crossing Web Server Component Remote Denial Of Service Vulnerability
The Web Crossing Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives a malicious HTTP request that contains negative values for certain fields in the HTTP header.
The Web Crossing Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives a malicious HTTP request that contains negative values for certain fields in the HTTP header.
Exploit / POC
Web Crossing Web Server Component Remote Denial Of Service Vulnerability
The following proof of concept has been supplied:
The following proof of concept has been supplied:
Solution / Fix
Web Crossing Web Server Component Remote Denial Of Service Vulnerability
Solution:
The vendor has released a fix to address this issue:
Web Crossing Inc Web Crossing 4.0
Web Crossing Inc Web Crossing 5.0
Solution:
The vendor has released a fix to address this issue:
Web Crossing Inc Web Crossing 4.0
-
Web Crossing Inc Version 5.0 09FEB04
http://webcrossing.com/download/
Web Crossing Inc Web Crossing 5.0
-
Web Crossing Inc Version 5.0 09FEB04
http://webcrossing.com/download/
References
Web Crossing Web Server Component Remote Denial Of Service Vulnerability
References:
References:
- v5.0 09FEB04 Build Notes (Web Crossing Inc.)
- Web Crossing 4.x/5.x Denial of Service Vulnerability (Peter Winter-Smith)
- Web Crossing Homepage (Web Crossing Inc.)
- Web Crossing 4.x/5.x Denial of Service Vulnerability (FIX) ("Peter Winter-Smith"
)