NetworkActiv Web Server DoS

韩冰

Summary</B>NetworkActiv Web Server is a "simple and easy to use web server (HTTP server)".
$ m  h: `$ ^& a  n& r! m
+ Z8 \4 \5 h. ?0 t* gA remote user can supply an HTTP GET request with the %25 [%] string to server, causing it to consume all available CPU resources.
/ j" O1 F; g- K; ~4 p# _' S
Details</B><B>Vulnerable Systems:</B>
9 Y5 H2 V: B* J9 f$ T * NetworkActiv Web Server 1.0 prior to 28 September 2004
2 B4 c  R2 H- m4 ]3 _/ u8 P
' D8 `0 {+ v) E# e<B>Immune Systems:</B>
* NetworkActiv Web Server 1.0 after 28 September 2004

<B>Vendor response:</B>
# r, E4 |. ~0 ?" z2 BThe vendor has issued a fix to prevent the vulnerability from happening.

Additional information</B>The information has been provided by GSS IT.