Mac OS 9 Personal Web Sharing Long HTTP Request DoS

2001-05-10T00:00:00
ID OSVDB:12068
Type osvdb
Reporter Jass Seljamaa(jass@isp.ee)
Modified 2001-05-10T00:00:00

Description

Vulnerability Description

Personal Web Sharing in Mac OS 9 contains a flaw that may allow a remote denial of service. The issue is triggered when sending an overly long HTTP request containing 6,000 bytes or more, and will result in loss of availability for the service.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Personal Web Sharing in Mac OS 9 contains a flaw that may allow a remote denial of service. The issue is triggered when sending an overly long HTTP request containing 6,000 bytes or more, and will result in loss of availability for the service.

Manual Testing Notes

http://[victim]/?aaaaaaaaa... [approx. 6000 characters]

References:

Vendor URL: http://www.apple.com/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-05/0104.html ISS X-Force ID: 6536 CVE-2001-0649 Bugtraq ID: 2715