IPSwitch IMail 6.x/7.0.x Web Calendaring Incomplete Post Denial of Service Vulnerability

2002-07-30T00:00:00
ID EDB-ID:21673
Type exploitdb
Reporter anonymous
Modified 2002-07-30T00:00:00

Description

IPSwitch IMail 6.x/7.0.x Web Calendaring Incomplete Post Denial Of Service Vulnerability. CVE-2002-1077. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/5365/info

IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems.

When a HTTP POST command is made to the web calendaring service on port 8484, and the "content-length:" header field is blank, the service becomes unstable. It has been reported that such a transaction with the service results in a crash of the iwebcal service. 

An attacker may exploit this vulnerability by submitting the following request to a vulnerable server:

POST / HTTP/1.0