SurfControl web filters contain a flaw that allows a remote attacker to crash the web service. The issue is due to a lack of sanity checking to prevent large GET requests. Several long sequential GET requests will cause the machine to consume 100% of the CPU resources and stop the web service from responding.
Currently, there are no known upgrades or patches to correct this issue. It is possible to work around the flaw as follows: disable the reports server and consider using a terminal session to the server to access the reports.
Discovery of this issue is credited to Matt Moore <firstname.lastname@example.org>.
SurfControl Web Filter for Windows NT/2000 4.1
SurfControl Web Filter for Windows NT/2000 4.0
SurfControl SuperScout Web Filter for Windows NT/2000 3.0.3
SurfControl SuperScout Web Filter for Windows NT/2000 3.0
The SurfControl SuperScout WebFilter Reports Server is prone to a denial of service condition. Multiple overly long GET requests will cause the reports service to stop responding.
The service will reportedly recover eventually.
There is no exploit required.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com.
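Where the reports server has to stay enabled, the pattern described above (several overly long GET requests in quick succession) can be watched for in access logs. The following detector is an added example, not part of the original advisory or any vendor tooling; the Common Log Format input, the length threshold, the burst size and window, and the sample lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: the advisory gives no figures, so tune them locally.
MAX_REQUEST_LINE = 2048               # longer request lines count as "overly long"
BURST_COUNT = 3                       # this many long GETs from one source...
BURST_WINDOW = timedelta(seconds=10)  # ...within this window raise an alert

# Assumed input: Common Log Format with the full request line preserved.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \d{3} \S+')

def find_long_get_bursts(lines):
    """Return {source: time of first alert} for bursts of overly long GETs."""
    recent = defaultdict(deque)       # source -> timestamps of recent long GETs
    alerts = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                  # skip lines that are not in the expected format
        req = m.group("req")
        if not req.startswith("GET ") or len(req) <= MAX_REQUEST_LINE:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m.group("src")]
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:
            window.popleft()          # forget long GETs outside the window
        if len(window) >= BURST_COUNT:
            alerts.setdefault(m.group("src"), ts)
    return alerts

def sample_line(src, clock, path):
    return f'{src} - - [12/Mar/2024:{clock} +0000] "GET {path} HTTP/1.0" 200 512'

LONG = "/" + "x" * 4000               # constructed oversized path
SAMPLE_LOG = [                        # constructed log lines, documentation addresses
    sample_line("192.0.2.10", "10:00:01", LONG),
    sample_line("198.51.100.7", "10:00:02", "/index.html"),
    sample_line("192.0.2.10", "10:00:03", LONG),
    sample_line("198.51.100.7", "10:00:04", LONG),   # one long GET only: no alert
    sample_line("192.0.2.10", "10:00:05", LONG),     # third within 10 s: alert
    sample_line("192.0.2.10", "10:05:00", LONG),     # isolated later request
]

if __name__ == "__main__":
    for src, ts in find_long_get_bursts(SAMPLE_LOG).items():
        print(f"ALERT {src}: {BURST_COUNT}+ long GET requests by {ts.isoformat()}")
```

The detector only works if the logging component records the full request line; a logger that truncates long requests would need a lower threshold or a different signal such as CPU saturation on the host.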