Monit Content-Length HTTP Request DoS

2003-11-24T08:36:46
ID OSVDB:2865
Type osvdb
Reporter Evgeny Legerov
Modified 2003-11-24T08:36:46

Description

Vulnerability Description

Monit HTTP Server contains a flaw that may allow a remote denial of service. The issue is triggered when the server receives an HTTP request with a negative value in the "Content-Length:" header, and results in loss of availability for the service.

Solution Description

Upgrade to version 4.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
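
For anyone maintaining an HTTP server, the kind of header validation that guards against this class of input is sketched below. This is an added example, not Monit's code and not the 4.2.1 fix; the function name parse_content_length and the MAX_BODY limit are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical cap on accepted request bodies (assumption, not from the page). */
#define MAX_BODY (1024UL * 1024UL)

/* Strictly parse a Content-Length value. Returns 0 and stores the length in
 * *out on success; returns -1 for anything that is not a plain non-negative
 * decimal number no larger than MAX_BODY. */
int parse_content_length(const char *value, size_t *out)
{
    const char *p = value;
    char *end;
    unsigned long n;

    if (value == NULL || out == NULL)
        return -1;
    while (*p == ' ' || *p == '\t')     /* optional leading whitespace */
        p++;

    /* The first significant character must be a digit. This rejects "-1",
     * "+5" and empty values before strtoul() can accept a sign and wrap a
     * negative number into a huge unsigned one. */
    if (!isdigit((unsigned char)*p))
        return -1;

    errno = 0;
    n = strtoul(p, &end, 10);
    if (errno == ERANGE)
        return -1;

    while (*end == ' ' || *end == '\t') /* optional trailing whitespace */
        end++;
    if (*end != '\0')                   /* "12abc", "1,2", "1 2" */
        return -1;
    if (n > MAX_BODY)
        return -1;

    *out = (size_t)n;
    return 0;
}
```

A caller should answer any -1 result with a 400 response and close the connection rather than use the value for allocation or read sizing.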

References:

Vendor URL: http://www.tildeslash.com/monit/
Vendor Specific Solution URL: http://www.tildeslash.com/monit/dist/
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Secunia Advisory ID: 10280
Mail List Post: http://lists.netsys.com/pipermail/full-disclosure/2003-November/014093.html
Keyword: S-Quadra Advisory #2003-11-24
ISS X-Force ID: 13818
Generic Informational URL: http://www.s-quadra.com/advisories/Adv-20031124.txt
CVE-2003-1084
CERT VU: 623854
Bugtraq ID: 9098