Bugtraq mailing list archives
def-2001-05: Netscape Fasttrack Server Caching DoS
From: Peter Gründl <peter.grundl () DEFCOM COM>
Date: Mon, 22 Jan 2001 13:30:33 +0100
====================================================================== Defcom Labs Advisory def-2001-05 Netscape Fasttrack Server Caching DoS Author: Peter Gründl <peter.grundl () defcom com> Release Date: 2001-01-22 ====================================================================== ------------------------=[Brief Description]=------------------------- The Fasttrack 4.1 server has problems with its caching module. The problem can result in all the server memory being consumed and thus causing the server to perform very sluggishly. ------------------------=[Affected Systems]=-------------------------- - Netscape Fasttrack Server 4.1 for Windows NT 4.0 ----------------------=[Detailed Description]=------------------------ The Fasttrack 4.1 server caches requests for non-existing URLs with valid extensions (eg. .html). The cached ressources are not freed again (at least not after half an hour), so a malicious user could cause the web server to perform very sluggishly, simply by requesting a lot of non-existing html-documents on the web server. ---------------------------=[Workaround]=----------------------------- None known. -------------------------=[Vendor Response]=-------------------------- This issue was brought to the vendor's attention on the 7th of December, 2000. Vendor replied that the Fasttrack server is not meant for production environments and as that, the issue will not be fixed. ====================================================================== This release was brought to you by Defcom Labs labs () defcom com www.defcom.com ======================================================================
Current thread:
- def-2001-05: Netscape Fasttrack Server Caching DoS Peter Gründl (Jan 22)
- Re: def-2001-05: Netscape Fasttrack Server Caching DoS Peter W (Jan 23)