Hosting Controller plansettings.asp Crafted Request DoS

2005-07-13T05:45:31
ID OSVDB:17903
Type osvdb
Reporter Soroush Dalili(irsdl@yahoo.com)
Modified 2005-07-13T05:45:31

Description

Vulnerability Description

Hosting Controller contains a flaw that may allow a remote denial of service. The issue is triggered when requesting the 'plansettings.asp' script with specific parameters, which causes the 'inetinfo.exe' process to consume all available CPU resources resulting in a loss of availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Hosting Controller contains a flaw that may allow a remote denial of service. The issue is triggered when requesting the 'plansettings.asp' script with specific parameters, which causes the 'inetinfo.exe' process to consume all available CPU resources resulting in a loss of availability.

Manual Testing Notes

http://[target]/admin/AdminSettings/plansettings.asp?action=1

References:

Vendor URL: http://hostingcontroller.com Security Tracker: 1014477 Secunia Advisory ID:15975 Related OSVDB ID: 17899 Related OSVDB ID: 17900 Related OSVDB ID: 17902 Related OSVDB ID: 17905 Related OSVDB ID: 17904 Related OSVDB ID: 17901 Nessus Plugin ID:19194 Bugtraq ID: 14283