Hosting Controller planmanager.asp Crafted Request DoS

2005-07-13T05:45:31
ID OSVDB:17902
Type osvdb
Reporter Soroush Dalili (irsdl@yahoo.com)
Modified 2005-07-13T05:45:31

Description

Vulnerability Description

Hosting Controller contains a flaw that may allow a remote denial of service. The issue is triggered by requesting the 'planmanager.asp' script, either directly or with specific parameters, which causes the 'inetinfo.exe' process to consume all available CPU resources, resulting in a loss of availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/admin/hosting/planmanager.asp?action=3&planid=2
http://[target]/admin/hosting/planmanager.asp [Hang when not admin or reseller]
http://[target]/admin/hosting/planmanager.asp?action=3&planid=1

References:

Vendor URL: http://hostingcontroller.com
Security Tracker: 1014477
Secunia Advisory ID: 15975
Related OSVDB ID: 17899
Related OSVDB ID: 17900
Related OSVDB ID: 17905
Related OSVDB ID: 17903
Related OSVDB ID: 17904
Related OSVDB ID: 17901
Nessus Plugin ID: 19194
Bugtraq ID: 14283