NewAtlanta ServletExec ISAPI com.newatlanta.servletexec.JSP10Servlet DoS

2002-05-22T00:00:00
ID OSVDB:8381
Type osvdb
Reporter OSVDB
Modified 2002-05-22T00:00:00

Description

Vulnerability Description

ServletExec ISAPI contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends an overly long request to com.newatlanta.servletexec.JSP10Servlet, which will crash the server, resulting in loss of availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, New Atlanta Communications has released a patch to address this vulnerability.

Manual Testing Notes

http://[victim]/servlet/com.newatlanta.servletexec.JSPServlet/AAAAAAAA....AAAA

References:

Vendor URL: http://www.newatlanta.com/
Related OSVDB ID: 8380
Other Advisory URL: http://www.westpoint.ltd.uk/advisories/wp-02-0006.txt
ISS X-Force ID: 9141
CVE-2002-0894
Bugtraq ID: 4796