Hiawatha WebServer 'Content-Length' Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Hiawatha Web Server and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow remote unauthenticated attackers to cause a denial of service or possibly execute arbitrary code. Impact Level: Application

Solution

Vendor has released a workaround to fix the issue, please refer below link for details on workaround. http://www.hiawatha-webserver.org/weblog/16 For updates refer to http://www.hiawatha-webserver.org

Insight

The flaw is due to the way Hiawatha web server validates requests with a bigger 'Content-Length' causing application crash.

Affected

Hiawatha Webserver Version 7.4, Other versions may also be affected.

References

http://packetstormsecurity.org/files/view/99021/DCA-2011-0006.txt
http://www.exploit-db.com/exploits/16939/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Adobe Digital Edition Denial of Service Vulnerability (Windows)
Checkpoint Firewall-1 UDP denial of service
ActFax Server Multiple Remote Buffer Overflow Vulnerabilities
Adobe Reader PDF Handling Denial Of Service Vulnerability (Linux)
CA Multiple Products 'arclib' Component DoS Vulnerability (Win)

Hiawatha WebServer 'Content-Length' Denial of Service Vulnerability

Take action and discover your vulnerabilities