Info

Disclosure

May 15, 2001

Discovery

Apr 23, 2001

Dates

Exploit

Unknown

Solution

Unknown

Description

OmniHTTPd Pro contains a flaw that may allow a remote denial of service. The issue is triggered when sending an overly long POST request containing 4,111 bytes and more, which causes the daemon to crash, and will result in loss of availability for the service.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Omnicron Technologies Corporation

OmniHTTPd Pro

2.08

References

Bugtraq ID: 2730
Vendor Specific News/Changelog Entry: http://osvdb.org/ref/39/39140-OmniHTTPd.html
Other Advisory URL: http://www.securiteam.com/windowsntfocus/5AP0H204AW.html
ISS X-Force ID: 6540
Mail List Post: http://www.securityfocus.com/archive/1/184794
CVE ID: 2001-0613 (see also: NVD)
Vendor URL: http://www.omnicron.ca/ [ Link is 404 ]

Credit

SNS Research - vuln-devgreyhack com - SNS Research

Direct URL: http://osvdb.org/36218