
Website Pro 3.0.37 crash
Vulnerability

    Website Pro

Affected

    Website Pro 3.0.37

Description

    The following is based on Defcom Labs Advisory def-2001-15 by Peter
    Grundl. The remote manager service contains a flaw that allows an
    attacker to cause the service to crash.

    The remote manager service (default on port 9999) will leak memory
    if non-authenticated requests are repeatedly made to the /dyn/
    directory and will eventually get killed by the OS, e.g.:

        GET /dyn/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.0
        host: 10.0.0.1
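    As an added example (not part of the advisory or of the vendor's
    software), the following script gives a defender a way to spot this
    pattern in logs: it flags any source that makes repeated
    unauthenticated requests to /dyn/ on the manager service within a
    short window. The Common Log Format, the "-" user field for
    unauthenticated requests and the 401 status are assumptions, since the
    advisory does not describe the product's logging; the log lines are
    constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample log lines (Common Log Format assumed; the advisory does
# not document the manager's real log format). user "-" = unauthenticated.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Feb/2001:10:00:01 +0000] "GET /dyn/xxxxxxxx HTTP/1.0" 401 0
10.0.0.5 - - [21/Feb/2001:10:00:02 +0000] "GET /dyn/xxxxxxxx HTTP/1.0" 401 0
10.0.0.5 - - [21/Feb/2001:10:00:03 +0000] "GET /dyn/xxxxxxxx HTTP/1.0" 401 0
10.0.0.5 - - [21/Feb/2001:10:00:04 +0000] "GET /dyn/xxxxxxxx HTTP/1.0" 401 0
10.0.0.5 - - [21/Feb/2001:10:00:05 +0000] "GET /dyn/xxxxxxxx HTTP/1.0" 401 0
10.0.0.7 - admin [21/Feb/2001:10:00:06 +0000] "GET /dyn/status HTTP/1.0" 200 512
10.0.0.9 - - [21/Feb/2001:10:30:00 +0000] "GET /dyn/x HTTP/1.0" 401 0
10.0.0.9 - - [21/Feb/2001:11:30:00 +0000] "GET /dyn/x HTTP/1.0" 401 0
"""
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one CLF line into (ip, user, timestamp, path, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), m.group("user"), ts, m.group("path"), int(m.group("status"))

def find_dyn_floods(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: total_count} for sources that made at least `threshold`
    unauthenticated /dyn/ requests inside any sliding window of `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, user, ts, path, status = rec
        if path.startswith("/dyn/") and user == "-":   # unauthenticated hit
            events[ip].append(ts)
    flagged = {}
    for ip, times in events.items():
        times.sort()
        start = 0                      # left edge of the sliding window
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged
```

    Run against SAMPLE_LOG the function flags only 10.0.0.5; the two
    10.0.0.9 requests an hour apart stay below the window and the
    authenticated request from 10.0.0.7 is ignored.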

Solution

    Disallow access to the remote manager service from untrusted
    networks. The service is on TCP port 9999 by default. This issue was
    brought to the vendor's attention on the 21st of February, 2001 and,
    although the vendor has been contacted repeatedly, no workaround or
    fix has been received to date.
