SurfControl SuperScout Email Filter Missing Content-Length HTTP Header Field DoS Vulnerability

SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities.

The administrative web interface is prone to a denial of service when handling a malformed HTTP request. Upon receipt of a request that does not contain a Content-Length HTTP Header field, the administrative interface will crash.

It may be possible for attackers to exploit this condition to execute arbitrary code. This is not confirmed.


Privacy Statement
Copyright 2010, SecurityFocus