Deerfield Website Pro Remote Manager DoS

2001-03-28T23:10:30
ID OSVDB:5669
Type osvdb
Reporter Peter Gruendl (peter.grundl@defcom.com)
Modified 2001-03-28T23:10:30

Description

Vulnerability Description

Deerfield WebSite Professional contains a flaw that may allow a remote attacker to cause a denial of service. The issue is triggered when multiple non-authenticated requests to the /dyn/ directory are made, and will result in loss of availability for the remote manager service.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. The issue can be mitigated with the following workaround: block access to the remote manager service from untrusted networks. The service listens on port 9999/tcp by default.

References:

Security Tracker: 1001188
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html
Keyword: TCP Port 9999
ISS X-Force ID: 6295
CVE-2001-0394
Bugtraq ID: 6729