Hosting Controller editplanopt3.asp Crafted Request DoS

2005-07-13T05:45:31
ID OSVDB:17904
Type osvdb
Reporter Soroush Dalili(irsdl@yahoo.com)
Modified 2005-07-13T05:45:31

Description

Vulnerability Description

Hosting Controller contains a flaw that may allow a remote denial of service. The issue is triggered when requesting the 'editplanopt3.asp' script directly, which causes the 'inetinfo.exe' process to consume all available CPU resources resulting in a loss of availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Hosting Controller contains a flaw that may allow a remote denial of service. The issue is triggered when requesting the 'editplanopt3.asp' script directly, which causes the 'inetinfo.exe' process to consume all available CPU resources resulting in a loss of availability.

Manual Testing Notes

http://[target]/admin/hosting/editplanopt3.asp

References:

Vendor URL: http://hostingcontroller.com Security Tracker: 1014477 Secunia Advisory ID:15975 Related OSVDB ID: 17899 Related OSVDB ID: 17900 Related OSVDB ID: 17902 Related OSVDB ID: 17905 Related OSVDB ID: 17903 Related OSVDB ID: 17901 Nessus Plugin ID:19194 Bugtraq ID: 14283