Info

Disclosure

Feb 25, 2011

Discovery

Unknown

Dates

Exploit

Mar 07, 2011

Solution

Feb 25, 2011

Description

Hiawatha contains a flaw that may allow a remote denial of service. The issue is triggered when when parsing HTTP header data, allowing a remote attacker to use a large value Content-Length header to cause a denial of service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

Hugo Leisink

Hiawatha

7.4

References

Exploit Database: 16939
Secunia Advisory ID: 43660
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2011-03/0066.html
http://seclists.org/bugtraq/2011/Mar/65
Vendor Specific News/Changelog Entry: http://www.hiawatha-webserver.org/weblog/16

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/71003