Bugtraq mailing list archives
Remote DoS of WebTrends Enterprise Reporting Server
From: jared () ANTISOCIAL COM (rpc)
Date: Sun, 8 Aug 1999 15:11:56 -0000
Hi,

WebTrends Enterprise Reporting Server version 1.5 (Linux/Solaris) is vulnerable to a denial of service attack utilizing the Content-length field passed to the HTTP daemon. If a negative Content-length is passed to the daemon after a POST method has been called, the server will stop responding. WebTrends has been notified and a patch is supposedly in the works.

Attached is an example script to demonstrate the problem.

Version: 1.5 (1.5a has not been tested)
OS: Linux 2.2.x and Solaris (v?)
License: Full

Thanks,
rpc <jared () antisocial com>

Attachment (application/octet-stream): tkill.pl__SizeOnDisk_445_
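A strict Content-Length check of the kind an HTTP daemon needs in order to reject the negative value described in the post above. This is an added example, not code from the original post or from WebTrends; the function name parse_content_length and the MAX_BODY_BYTES limit are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed upper bound on an accepted request body (hypothetical policy value). */
#define MAX_BODY_BYTES (8UL * 1024UL * 1024UL)

/*
 * Parse the value of a Content-Length header (the text after the colon).
 * Returns 0 and stores the length in *out on success, -1 if the value must
 * be rejected (the server should answer 400 and close the connection).
 * Only digits with optional surrounding whitespace are accepted, so "-1",
 * "+7", "12abc" and "" fail here and a negative value never reaches the
 * code that sizes buffers or counts remaining body bytes.
 */
int parse_content_length(const char *value, unsigned long *out)
{
    unsigned long n = 0;
    size_t digits = 0;

    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')   /* optional leading whitespace */
        value++;
    for (; *value >= '0' && *value <= '9'; value++, digits++) {
        unsigned long d = (unsigned long)(*value - '0');
        if (n > (MAX_BODY_BYTES - d) / 10)    /* n*10+d would exceed the limit */
            return -1;
        n = n * 10 + d;
    }
    while (*value == ' ' || *value == '\t')   /* optional trailing whitespace */
        value++;
    if (digits == 0 || *value != '\0')        /* empty, signed, or trailing junk */
        return -1;
    *out = n;
    return 0;
}

int main(void)
{
    /* Constructed sample header values, not taken from the original post. */
    const char *samples[] = { "445", " 0 ", "-1", "+7", "12abc", "", "99999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned long len = 0;
        int rc = parse_content_length(samples[i], &len);
        printf("%-22s -> %s\n", samples[i], rc == 0 ? "accept" : "reject");
    }
    return 0;
}
```

A request that carries more than one Content-Length header with differing values should be rejected before this function is called.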