Info
Last Modified: 11 months ago

Description
Jana Server contains a buffer overflow in the HTTP server. If an extremely long HTTP request is received, the server will crash when attempting to log the request.

Classification
Attack Type: Input Manipulation

Technical
Sending an invalid GET request with an extremely long HTTP version field could crash Jana Server or allow an attacker to run arbitrary code on the system.
Attack Example:
GET /jana_server_are_you_there? HTTP/[Really long version that contains exploitable code].0\r\n\r\n

Solution
No official patches have been released to correct this issue. As a workaround, administrators may wish to disable HTTP logging. This may, however, allow other attacks or errors to go undetected.
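
A check that can run in front of the server (for example at a filtering proxy) or over captured request lines, given here as an added example that is not part of the original advisory: it flags any request line whose version field is not the 8-byte HTTP/digit.digit form. The function names, the 8190-byte cap and the sample requests are assumptions constructed for illustration.

```python
import re

# HTTP-version grammar (RFC 9112): "HTTP/" DIGIT "." DIGIT, always 8 bytes.
HTTP_VERSION = re.compile(rb"HTTP/[0-9]\.[0-9]")
MAX_REQUEST_LINE = 8190  # assumed cap for this example, not a Jana Server setting


def check_request_line(raw: bytes) -> str:
    """Return 'ok' or a short reason the request line should be rejected."""
    line = raw.split(b"\r\n", 1)[0]
    if len(line) > MAX_REQUEST_LINE:
        return "request line too long"
    parts = line.split(b" ")
    if len(parts) != 3:
        return "malformed request line"
    _method, _target, version = parts
    # The overflow described above is reached through this field.
    if not HTTP_VERSION.fullmatch(version):
        return f"invalid HTTP version field ({len(version)} bytes)"
    return "ok"


# Constructed sample inputs (not captured traffic).
SAMPLES = [
    b"GET /index.html HTTP/1.0\r\n\r\n",
    b"GET /jana_server_are_you_there? HTTP/" + b"A" * 2000 + b".0\r\n\r\n",
    b"GET /a HTTP/" + b"1" * 9000 + b".0\r\n\r\n",
    b"GET /missing-version\r\n\r\n",
]


def scan(samples):
    """Return one verdict per raw request."""
    return [check_request_line(s) for s in samples]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, scan(SAMPLES)):
        print(f"{sample[:40]!r:<45} {verdict}")
```

Rejecting on the version grammar rather than on length alone also catches short but malformed version fields before they reach the logging code.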

Products
JanaServer
1.0
1.45
1.46
2.0.0
2.2.1

Credit
Unknown or Incomplete