[24382] in bugtraq
SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability
daemon@ATHENA.MIT.EDU (Tamer Sahin)
Fri Feb 22 16:58:35 2002
Message-ID: <006301c1bb2f$f6a6ad20$b0b083d9@ts>
Reply-To: "Tamer Sahin" <ts@securityoffice.net>
From: "Tamer Sahin" <ts@securityoffice.net>
To: <bugtraq@securityfocus.com>
Date: Fri, 22 Feb 2002 01:32:00 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Essentia Web Server DoS Vulnerability
Type:
DoS, crashes Daemon
Release Date:
February 22, 2002
Product / Vendor:
The Essentia Web Server provides Enhanced Web Application and
Communication Services. Whether you are setting up a simple Web Site
on your Corporate Intranet or creating large sites for the Internet,
Essentia provides a simple and flexible way to make an even stronger
Web and Applications Platform.
http://www.essencomp.com/
Summary:
Essentia Web Server is subject to a denial of service. Submitting a
request of unusual length to the host will cause the server to crash.
A restart is required in order to gain normal functionality.
http://host/AAAAAA...(Ax2000)...AAAAAA
Tested:
Windows 2000 / Essentia Web Server 2.1
Vulnerable:
Essentia Webserver 2.1 (And may be other.)
Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.
Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPHWDb7uLpFMrXtywEQJ4xQCgpG9H9237UzLL8t4glRutLCb3ACoAoLT4
0Uuqb5ckaDSno+3A4NqjM8o7
=1Yzo
-----END PGP SIGNATURE-----
