Summary
It was possible to kill the remobe
web server by requesting
GET /cgi-bin/A.AAAA[...]A HTTP/1.0
This is known to trigger a heap overflow in some servers like CERN HTTPD.
A cracker may use this flaw to disrupt your server. It *might* also be exploitable to run malicious code on the machine.
Solution
Ask your vendor for a patch or move to another server
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - (Jan2012)
- Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability
- Savant Web Server Remote Buffer Overflow Vulnerability
- Media Player Classic (MPC) Webserver Multiple Vulnerabilities
- JBoss Application Server Multiple Vulnerabilities