OpenConnect Webconnect MS-DOS device name denial-of-service

ID VU:552561
Type cert
Reporter CERT
Modified 2005-02-21T00:00:00



OpenConnect WebConnect may stop responding after processing an HTTP request with an MS-DOS device name in it.


OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1 running on Windows OS may stop responding after processing an HTTP GET or POST request with an MS-DOS device name in it. All HTTP and emulation services supported by Webconnect may be affected after such an attack.


OpenConnect WebConnect running on Windows OS may experience a denial-of-service condition after processing MS-DOS device names in HTTP requests.


Affected sites should upgrade to a corrected version of WebConnect, versions 6.4.5 and 6.5.1. Licensed users can send mail to OpenConnect technical support mailto:, or call +1-972-888-0678.

Systems Affected

Vendor| Status| Date Notified| Date Updated
OpenConnect| | 21 Dec 2004| 20 Feb 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A


  • <>
  • <>


Thanks to Dennis Rand of the Danish Computer Incident Response Team for reporting this vulnerability.

This document was written by Jeff S Havrilla, with contributions from Dennis Rand and the OpenConnect WebConnect Development team.

Other Information

  • CVE IDs: CAN-2004-0466
  • Date Public: 21 Feb 2005
  • Date First Published: 21 Feb 2005
  • Date Last Updated: 21 Feb 2005
  • Severity Metric: 1.06
  • Document Revision: 19