[Original text] Gattaca Server 2003 18.104.22.168 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".", (d) dot dot "..", and (e) internal slash "lang//en".
It is reported that Gattaca Server 2003 contains multiple denial of service vulnerabilities.
These vulnerabilities allow a remote attacker to crash the application, denying service to legitimate users.
Version 22.214.171.124 is reported vulnerable. Prior versions may also contain these vulnerabilities.
Gattaca Server 2003 web.tmpl Language Variable CPU Consumption DoS
Remote / Network Access
Denial of Service
Loss of Availability
Gattaca Server 2003 contains a flaw that may allow a remote denial of service. The issue is triggered when malformed HTTP requests are issued using input passed to the "TEMPLATE" and "LANGUAGE" parameters in the "web.tmpl" script; such input is not validated and causes large amounts of CPU processing. Additionally, the server can be crashed by establishing 600 concurrent connections.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
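As an added, defender-side example that is not part of this advisory or of the Gattaca Server product: a Python allowlist check for the LANGUAGE parameter, plus a scan over constructed access-log lines that flags requests to index.tmpl or web.tmpl carrying the directory specifiers listed above. The language allowlist and the log format are assumptions.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Allowlist of language codes the templates are expected to load (assumed
# for this example; the real server's list is not documented in the advisory).
ALLOWED_LANGUAGES = {"en", "de", "fr", "es"}
TEMPLATE_PATHS = ("index.tmpl", "web.tmpl")
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def is_valid_language(value: Optional[str]) -> bool:
    """Allowlist check for the LANGUAGE parameter. Anything that is not a
    known code, including "/", "\\", ".", ".." and "lang//en", is rejected."""
    if value is None:
        return False
    decoded = unquote(unquote(value))  # collapse double URL-encoding first
    return decoded in ALLOWED_LANGUAGES

def flag_request(target: str) -> Optional[str]:
    """Return the offending LANGUAGE value when a request to index.tmpl or
    web.tmpl carries a value that fails the allowlist, otherwise None."""
    parts = urlsplit(target)
    if not parts.path.endswith(TEMPLATE_PATHS):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("LANGUAGE", []):
        if not is_valid_language(value):
            return value
    return None

def scan_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Scan access-log lines and return (client, bad LANGUAGE value) pairs."""
    hits = []
    for line in lines:
        match = REQUEST_LINE.search(line)
        if match:
            bad = flag_request(match.group(1))
            if bad is not None:
                hits.append((line.split()[0], bad))
    return hits

# Constructed sample log lines (not real traffic) exercising the cases above.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2004:10:00:00 +0000] "GET /web.tmpl?TEMPLATE=main&LANGUAGE=en HTTP/1.0" 200 512',
    '10.0.0.7 - - [01/Jan/2004:10:00:01 +0000] "GET /web.tmpl?TEMPLATE=main&LANGUAGE=.. HTTP/1.0" 200 512',
    '10.0.0.7 - - [01/Jan/2004:10:00:02 +0000] "GET /index.tmpl?LANGUAGE=lang//en HTTP/1.0" 200 512',
    '10.0.0.9 - - [01/Jan/2004:10:00:03 +0000] "GET /index.tmpl?LANGUAGE=%5C HTTP/1.0" 200 512',
    '10.0.0.9 - - [01/Jan/2004:10:00:04 +0000] "GET /other.cgi?LANGUAGE=.. HTTP/1.0" 200 512',
]
```

Calling `scan_log(SAMPLE_LOG)` returns the three template requests whose LANGUAGE value is not allowlisted; the request to other.cgi is ignored because only the two template scripts are in scope.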