Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".", (d) dot dot "..", and (e) internal slash "lang//en".
-
Advisories and Patches
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
-
Vulnerability Information (24282)
Gattaca Server 2003 web.tmpl Language Variable CPU Consumption DoS (EDBID:24282)
source: http://www.securityfocus.com/bid/10728/info
It is reported that Gattaca Server 2003 contains multiple denial of service vulnerabilities.
These vulnerabilities allow a remote attacker to crash the application, denying service to legitimate users.
Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these vulnerabilities.
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/../../../../
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=.
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//[whatever]&LANGUAGE=lang//en
Gattaca Server 2003 web.tmpl Language Variable CPU Consumption DoS
Remote / Network Access
Denial of Service
Loss of Availability
Exploit Public
Vendor Verified
-
Vulnerability Description
Gattaca Server 2003 contains a flaw that may allow a remote denial of service. The issue is triggered by malformed HTTP requests that pass input to the "TEMPLATE" and "LANGUAGE" parameters of the "web.tmpl" script; this input is not validated and causes large amounts of CPU processing. Additionally, the server can be crashed by establishing 600 concurrent connections.
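With no vendor fix available, requests carrying these directory specifiers can at least be spotted in access logs. The following is an added example, not code from the advisory or the vendor: it assumes Common Log Format logs (for instance from a proxy in front of the server) and that legitimate TEMPLATE and LANGUAGE values are plain names separated by single slashes; the sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

SCRIPTS = ("index.tmpl", "web.tmpl")   # scripts named in the advisory
PARAMS = {"LANGUAGE", "TEMPLATE"}      # parameters named in the advisory
# Assumption: Common Log Format (client first, request line in quotes).
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines using documentation addresses, not real traffic.
LINE = '{} - - [15/Jul/2004:10:00:00 +0000] "GET {} HTTP/1.0" 200 0'
SAMPLE_LOG = [LINE.format(c, t) for c, t in [
    ("192.0.2.10", "/web.tmpl?HELPID=8000&TEMPLATE=skins/water&LANGUAGE=lang/en"),
    ("198.51.100.7", "/web.tmpl?HELPID=8000&TEMPLATE=skins/water&LANGUAGE=/../../../../"),
    ("198.51.100.7", "/index.tmpl?LANGUAGE=%2E"),
    ("198.51.100.7", "/web.tmpl?TEMPLATE=skins/water&LANGUAGE=lang//en"),
    ("192.0.2.10", "/docs/readme.html?LANGUAGE=.."),
]]


def directory_specifier(value):
    """Return why a decoded value looks like a directory specifier, else None."""
    if "\\" in value:
        return "backslash"
    segments = value.split("/")
    if ".." in segments:
        return "dot dot"
    if "." in segments:
        return "dot"
    if "/" in value and "" in segments:
        return "empty path segment"  # leading, trailing or doubled slash
    return None


def scan(lines):
    """Return (client, parameter, value, reason) for each flagged request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(SCRIPTS):
            continue
        # parse_qsl percent-decodes, so %2E and %5C are seen as "." and "\".
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            reason = directory_specifier(value)
            if name.upper() in PARAMS and reason:
                findings.append((client, name.upper(), value, reason))
    return findings
```

Calling `scan(SAMPLE_LOG)` flags the three requests from 198.51.100.7 and ignores both the plain `lang/en` request and the request to a script the advisory does not name.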
-
Timeline
2004-07-15
Unknown
2004-07-15
Unknown
-
Solution
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.