NetworkActiv Web Server DoS

韩冰

Summary</B>NetworkActiv Web Server is a "simple and easy to use web server (HTTP server)".
" ~3 T7 g" Q0 K5 w0 z( `
A remote user can supply an HTTP GET request with the %25 [%] string to server, causing it to consume all available CPU resources.

Details</B><B>Vulnerable Systems:</B>
6 k$ ?$ ~5 l, D" N * NetworkActiv Web Server 1.0 prior to 28 September 2004

& m7 p, v' F3 s" h7 F! ]% Z<B>Immune Systems:</B>
) M6 n( P; Z) t' c0 U * NetworkActiv Web Server 1.0 after 28 September 2004
# V4 x' t. [- q2 @
! ]% L8 r/ t8 r6 i, K<B>Vendor response:</B>
3 {, p' f/ \! O' uThe vendor has issued a fix to prevent the vulnerability from happening.

Additional information</B>The information has been provided by GSS IT.