WebConnect MS-DOS Device Name Request DoS

2005-02-21T10:13:30
ID OSVDB:14009
Type osvdb
Reporter Dennis Rand (advisory@cirt.dk)
Modified 2005-02-21T10:13:30

Description

Vulnerability Description

WebConnect contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP request is sent containing a reserved MS-DOS device name, and will result in loss of availability for the platform.
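
For detection, requests of the kind described above can be looked for in web server access logs. The following Python is an added example, not part of the advisory or any vendor code. It assumes common/combined log format and the standard Windows reserved device-name list (the advisory does not state which names trigger the flaw), and the log entries are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Standard Windows reserved device names (general knowledge, not taken from the advisory).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}

# Request line inside a common/combined log format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def reserved_segments(target: str) -> list[str]:
    """Return the path segments of a request target that resolve to a DOS device name."""
    path = unquote(urlsplit(target).path)  # decode %XX so encoded names are not missed
    hits = []
    for segment in re.split(r"[/\\]+", path):
        # Windows ignores an extension, a trailing colon and trailing spaces:
        # "aux.txt" and "NUL:" still refer to the device.
        base = segment.split(".", 1)[0].split(":", 1)[0].strip(" ").upper()
        if base in RESERVED:
            hits.append(segment)
    return hits


def scan(log_lines):
    """Yield (client, target, matched segments) for each suspicious log entry."""
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = reserved_segments(m.group("target"))
        if hits:
            yield line.split(" ", 1)[0], m.group("target"), hits


# Constructed sample entries (not from the advisory or any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2005:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.44 - - [21/Feb/2005:10:01:07 +0000] "GET /docs/aux.html HTTP/1.0" 500 0',
    '192.0.2.44 - - [21/Feb/2005:10:01:09 +0000] "GET /%43OM1 HTTP/1.0" 500 0',
    '192.0.2.10 - - [21/Feb/2005:10:02:00 +0000] "GET /console/con-fig.js?x=NUL HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for client, target, hits in scan(SAMPLE_LOG):
        print(f"{client} requested {target!r}: reserved name(s) {hits}")
```

Only path segments are checked, so names that merely contain a reserved word (such as `console`) or appear in the query string are not flagged.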

Solution Description

Upgrade to version 6.5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://www.openconnect.com/
Security Tracker: 1013245
Secunia Advisory ID: 14006
Related OSVDB ID: 14010
Other Advisory URL: http://cirt.dk/advisories/cirt-29-advisory.pdf
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0447.html
CVE-2004-0466
CERT VU: 552561