Summary
It was possible to kill the web server by
sending empty HTTP fields (namely Connection: and Range: ).
An attacker may use this flaw to prevent this host from performing its job properly.
Solution
If the remote web server is Abyss X1, then upgrade to Abyss X1 v.1.1.4, otherwise inform your vendor of this flaw.
Severity
Classification
-
CVE CVE-2003-1364 -
CVSS Base Score: 8.5
AV:N/AC:L/Au:N/C:N/I:P/A:C
Related Vulnerabilities
- Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Linux)
- Avast! Zoo Denial of Service Vulnerability
- Allegro Software RomPager 2.10 Denial of Service
- BitDefender 'pdf.xmd' Module PDF Parsing Remote DoS Vulnerability
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Windows)