| Field | Value |
|---|---|
| VID | 22318 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The relevant host is running a version of Caudium Web Server older than 1.4.4. Caudium is a GPL-licensed (free for commercial and personal use) web server written in Pike and C. Caudium Web Server versions prior to 1.4.4 RC2 are vulnerable to a denial of service attack caused by an off-by-one buffer underflow in the parsing of HTTP requests. A remote attacker could send a specially crafted HTTP request containing a variable of '=&' to crash the affected web server. |
| Note | This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so it may be a false positive. |
| References | http://securitytracker.com/alerts/2004/Oct/1011997.html, http://caudium.net/ |
| Platforms Affected | The Caudium Group, Caudium Web Server versions prior to 1.4.4 RC2; Linux, any version; Unix, any version |
| Recommendation | Upgrade to the latest version of Caudium (1.4.4 RC2 or later), available from the Caudium download site at http://www.caudium.net/space/start |
| Related URL | (CVE) |
| Related URL | 11567 (SecurityFocus) |
| Related URL | 17919 (ISS) |