OmniHTTPd Pro is a powerful all-purpose industry compliant web server built specifically for the Windows 9x and NT platforms. A security vulnerability in the product allows remote attackers to cause the server to crash by overflowing one of its internal buffers.
Credit:
The information has been provided by SNS Research.
Vulnerable systems:
OmniHTTPd Pro version 2.08
The OmniHTTPd Pro web server is susceptible to DoS through a lengthy POST request. If such a request is made to the server (a POST request that exceeds 4111 bytes in size) the server process will die. Neither the request nor the crash is recorded in the server log files.
Solution:
The vendor was initially notified on 23 April, 2001. The response on May 2 was that 'the matter was under investigation'. At this time no fix for the problem appears forthcoming.
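
With no fix available and neither the request nor the crash written to the server log, one mitigation is to screen and log requests in a front-end before they reach the server. The sketch below is an added example, not part of the original advisory or any vendor code; the function names are hypothetical, and it assumes the 4111-byte figure applies to the whole request (request line, headers and body).

```python
import logging

# Threshold from the advisory: POST requests larger than this crash the server.
# Assumption: the figure covers request line + headers + body.
POST_LIMIT = 4111

log = logging.getLogger("post_size_gate")


def request_size(raw):
    """Return (method, effective_size) for a raw HTTP request buffer.

    The effective size is the larger of the bytes seen so far and the size
    implied by Content-Length, so a request can be judged before its body
    has been received.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].decode("ascii", "replace").upper()
    declared = 0
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            try:
                declared = max(declared, int(value.strip()))
            except ValueError:
                declared = POST_LIMIT + 1  # unparsable length: treat as oversized
    implied = len(head) + len(sep) + declared
    return method, max(len(raw), implied)


def should_block(raw, peer="unknown"):
    """True if the request is a POST whose effective size exceeds POST_LIMIT.

    Blocked requests are logged here, since the back-end server records nothing.
    """
    method, size = request_size(raw)
    if method == "POST" and size > POST_LIMIT:
        log.warning("blocked oversized POST from %s: %d bytes (limit %d)",
                    peer, size, POST_LIMIT)
        return True
    return False
```

A front-end proxy would call `should_block` once the header block has arrived and close the connection on `True`, which also gives operators the log record the server itself does not produce.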