Info

Disclosure

Oct 07, 2004

Discovery

Aug 16, 2004

Dates

Exploit

Oct 06, 2004

Solution

Unknown

Description

MaxDB webdmn contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP request containing a value higher than 0x7F in the "Server" field is sent, and will result in loss of availability for the web agent component of MaxDB.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 7.5.00.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

MySQL

MaxDB

7.5

References

Secunia Advisory ID: 12756
CVE ID: 2004-0931 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0144.html
Other Advisory URL: http://www.idefense.com/application/poi/display?id=150&type=vulnerabilities

Credit

Patrik Karlsson - patrikcqure.net - cqure.net

Direct URL: http://osvdb.org/10532