• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Web ChatServer HTML Injection Vulnerability

Solution:
The vendor contacted Symantec with the following response:

Chatserver is a skeleton application designed to teach the concept of http chunked transfers to developers. It is not designed for, or capable of production use.

Its own readme states the same concerns declared in this advisory.

There will be no patch released because such is outside of the applications design intent.

Please refer to the applications Readme file for more details.