Rdiffweb is a web application by the American personal developer Patrik Dufresne. A denial of service vulnerability exists in versions prior to Rdiffweb 2.4.8, which stems from a lack of length validation in the root directory name of rdiffweb-demo.ikus-soft.com/admin/users. An attacker could exploit the vulnerability to launch a denial-of-service attack by entering a long string.