Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:5023
HistoryAug 22, 2003 - 12:00 a.m.

[Full-Disclosure] SECURITY ADVISORY

2003-08-2200:00:00
vulners.com
13
JSON

SECURITY ADVISORY

IMPACT: DoS
SEVERITY: High
VENDOR: http://www.Wap-Serv.com
CONTACT: [email protected] , +44 (0)1628 634240
PRODUCT: http://www.wap-serv.com/product.htm
WapServ Lite, WapServ Pro, WapServ Enterprise
DISTRIBUTION: ALREADY NOTIFIED PUBLIC DOMAIN AND VENDOR SIMULTANEOUSLY

HOW TO REPRODUCE:

To Crash Wap Serv
1) Start WapServ wap gateway on platform
2) Send the following data over the specific listening ports
a) 0x00 (or any single byte value) to port 9200 (Connection-less non WTLS)
or
b) 0x89, 0x77, 0x13, 0x86, 0x3d to port 9201 (Connection-orientated non WTLS)

To Cause Out Of Memory
1) Start WapServ wap gateway on platform
2) Send the following over the specified listening ports
a) 0xa6, 0x09, 0x5d to port 9201 (Connection-orientated non WTLS)

To prevent WapServ from starting
1) Send relevant bytes to well known wap ports
2) Start WapServ wap gateway, it will fail to start.

END SECURITY ADVISORY

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

JSON