| VID |
22290 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The MyServer server, according to its version number, has a denial of service vulnerability via the long HTTP POST request.
MyServer is a freely available Web server for Microsoft Windows and Linux-based platforms. MyServer version 0.7.1 and possibly other versions are vulnerable to a denial of service attack, due to a boundary error in the parsing of HTTP requests. This flaw can be triggered when a remote attacker sends a HTTP POST request containing 512 or more characters, and will result in loss of availability for the service.
* Note: This check solely relied on the version number of the remote MyServer Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=10333
http://www.secunia.com/advisories/12640
http://fux0r.phathookups.com/advisory/sp-x14-advisory.txt
http://securitytracker.com/alerts/2004/Sep/1011427.html
* Platforms Affected:
MyServer MyServer 0.7.1
Linux Any version
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of MyServer (0.7.2 or later), available from the MyServer Download page at http://sourceforge.net/project/showfiles.php?group_id=63119 |
| Related URL |
CVE-2004-2517 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
17496 (ISS) |
|
