WWW File Share Pro HTTP Request DoS

2004-07-21T10:03:51
ID OSVDB:8142
Type osvdb
Reporter nekd0(nekd0@rambler.ru)
Modified 2004-07-21T10:03:51

Description

Vulnerability Description

WWW File Share Pro contains a flaw that may allow a remote denial of service. The issue is triggered when handling large HTTP GET requests, and will result in loss of availability for the file sharing service.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

WWW File Share Pro contains a flaw that may allow a remote denial of service. The issue is triggered when handling large HTTP GET requests, and will result in loss of availability for the file sharing service.

Manual Testing Notes

To manually test for this vulnerability issue the following URL request:

http://[victim]/AAA...[x50000]...AAA

NOTE: If vulnerable the server application will crash and suffer a loss of data.

References:

Vendor URL: http://www.wfshome.com/ Secunia Advisory ID:12111 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0239.html ISS X-Force ID: 16754 CVE-2004-0741