• info
• discussion
• exploit
• solution
• references

Fizmez Web Server Null Connection Denial Of Service Vulnerability

Solution:
The following is an untested, unconfirmed patch provided by a third party. It may be used to patch version 1.0 of the software:

( line: 268 of FizmezWebServer.java )

eh.debug("Received input ["+line+"]");
//Hash out request information

/* start of patch */

int firstSpaceIndex = 0;

try
{
firstSpaceIndex = line.indexOf(" ");
}
catch(NullPointerException npe)
{
System.out.println("Void Connection Dropped...");
break;
}

/* end of patch */

The vendor has released an update to address this issue:


Fizmez Web Server 1.0

• Fizmez fws-1.1.tar.gz
  http://fizmez.com/downloads/fws-1.1.tar.gz