Info

Disclosure

Apr 23, 2006

Discovery

Unknown

Dates

Exploit

Apr 23, 2006

Solution

Unknown

Description

Fenice contains a flaw that may allow a remote denial of service. The issue is triggered when a Content-Length HTTP header with a big value such as 2147483647 is sent, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.11 (svn r353 - 2006-06-06) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

(LS)³	Fenice	1.10
		CVS-20050726

References

Bugtraq ID: 17678
Secunia Advisory ID: 19770
CVE ID: 2006-2023 (see also: NVD)
Related OSVDB ID: 24881
VUPEN Advisory: ADV-2006-1491
Other Advisory URL: http://aluigi.altervista.org/adv/fenicex-adv.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0023.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0638.html
Vendor URL: http://streaming.polito.it/server

Credit

Luigi Auriemma - aluigiautistici.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/24882

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

(LS)³

Fenice

References

Credit