Info

Disclosure

Feb 21, 2005

Discovery

Unknown

Dates

Exploit

Feb 21, 2005

Solution

Unknown

Description

WebConnect contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP request is sent containing a reserved MS-DOS device name, and will result in loss of availability for the platform.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 6.5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

OpenConnect Systems, Incorporated	WebConnect	6.4.4
		6.5

References

Security Tracker: 1013245
Secunia Advisory ID: 14006
Related OSVDB ID: 14010
CVE ID: 2004-0466 (see also: NVD)
CERT VU: 552561
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0447.html
Other Advisory URL: http://cirt.dk/advisories/cirt-29-advisory.pdf
Vendor URL: http://www.openconnect.com/

Credit

Dennis Rand - advisorycirt.dk - Danish Computer Incident Response Team

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

OpenConnect Systems, Incorporated

WebConnect

References

Credit