[Original text] Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged.
AB2 technology is a third-party product from INSO, which provides 'dwhttpd' as part of its DynaWeb toolkit. DynaWeb is an implementation of dynamic hypertext, where there are no preexisting web pages. Instead, the pages that you see are constructed on the fly by searching for the most relevant documents based on the links that you select. This bug is apparently fixed in Solaris 2.7. It is unknown if INSO updated the DynaWeb package for external release.
Sun AnswerBook2 Web Server dwhttpd HTTP GET Request Format String DoS
Remote / Network Access,
Local / Remote,
Denial of Service,
Loss of Integrity,
Loss of Availability
Sun AnswerBook2 contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends an HTTP GET request containing an encoded % character, and will result in loss of availability for the service.
Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems, Inc. has released a patch to address this vulnerability.
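The logging flaw described above, as an added example that is not dwhttpd's or Sun's code: a hypothetical access-log formatter that percent-decodes the request path and then writes it with a constant format string, with the flawed call shown only in a comment. The function names, buffer sizes and the sample path are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst (at most n-1 bytes); "%25" becomes a literal '%'.
 * Incomplete escapes such as "%2" are copied unchanged. Returns bytes written. */
static size_t url_decode(const char *src, char *dst, size_t n)
{
    size_t o = 0;
    if (n == 0) return 0;
    while (*src && o + 1 < n) {
        if (src[0] == '%' && isxdigit((unsigned char)src[1]) &&
            isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], '\0' };
            dst[o++] = (char)strtol(hex, NULL, 16);
            src += 3;
        } else {
            dst[o++] = *src++;
        }
    }
    dst[o] = '\0';
    return o;
}

/* Hypothetical access-log formatter (assumed design, not the product's code).
 * Flawed pattern: the decoded request is used as the format itself,
 *     snprintf(line, n, decoded);
 * so a decoded '%' directive is interpreted by the formatter.
 * Hardened pattern: constant format, request data passed only as an argument,
 * so '%' is copied as an ordinary byte. */
static int log_request(char *line, size_t n, const char *method, const char *raw_path)
{
    char decoded[256];
    url_decode(raw_path, decoded, sizeof decoded);
    return snprintf(line, n, "%s %s", method, decoded);
}

int main(void)
{
    char line[300];
    /* Constructed sample path containing encoded '%' characters. */
    log_request(line, sizeof line, "GET", "/ab2/%25s%25s");
    puts(line);
    return 0;
}
```

Building server code with `-Wformat -Wformat-security` (GCC/Clang) flags calls where a non-literal string is passed as the format argument.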