|
Vulnerability WebObjects Affected WO with development licence Description Bruce Potter found following. He found a DoS in WebObjects apps (with a possible remote exploit). So far we've found this problem in WebObjects 4.5 Developer running with the CGI-adapter and IIS 4.0 on NT 4.0 SP5. WO 4.5 Beta on Solaris 2.6 with Netscape Enterprise isn't vulnerable. If you send a large (4.1K) header variable to the webobjects app it will core (fires up doctor watson). This may result in a remotely executable exploit as the user running IIS, but Bruce hasn't taken the time to check. This worked on any app we tested it on, including "empty" projects that did _nothing_. Construct a message as follows POST /scripts/WebObjects.exe/EmptyProject HTTP/1.0 Accept: AAAAAAAAA.... (about 4.1K worth of A's) Content-Length: 16 uselessdata=dork That's it. The app will die and fire up a doctor watson window. From testings, it appears that as long as you have > 4.1K worth of headers, the app will die (ie: you don't need to have all the data in one variable). Solution Bruce submitted this vulnerablity to Apple last week. To their credit they responded in a resonable timeframe. According to the testing done on their end, this DoS is only present when you use a development license. WO with deployment licenses are not vulnerable. Our deployment license is "in the mail" so we haven't been able to test this. Seems a bit odd to me being that you keep the same software and just change the license key to "upgrade" from devel to deploy... there's no new software installed. We'll see.