Abyss Httpd Crash Network Vulnerability

Summary

It was possible to kill the web server by sending empty HTTP fields (namely Connection: and Range: ). An attacker may use this flaw to prevent this host from performing its job properly.

Solution

If the remote web server is Abyss X1, then upgrade to Abyss X1 v.1.1.4, otherwise inform your vendor of this flaw.

Severity

Classification

CVE CVE-2003-1364
CVSS Base Score: 8.5
AV:N/AC:L/Au:N/C:N/I:P/A:C

Related Vulnerabilities

Dnsmasq Remote Denial of Service Vulnerability
Apple QuickTime Multiple Vulnerabilities - Jun09
AzeoTech DAQFactory Denial of Service Vulnerability
Colasoft Capsa Malformed SNMP V1 Packet Remote Denial of Service Vulnerability
AT-TFTP Server Long Filename BoF Vulnerability

Abyss httpd crash

Take action and discover your vulnerabilities