-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability Type: DoS, crashes Daemon Release Date: December 15, 2002 Product / Vendor: Web Server 4D/eCommerce is a single application that includes a shopping cart, credit card authorization, and order tracking - as well as Web Server 4D 3.5 and WS4D/CGI. http://www.mdg.com Summary: Server crashes after sending very long URL a few times. http://host/AAAAAAAAA...(Ax2500)...AAA Tested: Windows 2000 / Web Server 4D/eCommerce 3.5.3 Vulnerable: Web Server 4D/eCommerce 3.5.3 (And may be other) Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Authors: Tamer Sahin ts@securityoffice.net http://www.securityoffice.net Zillion zillion@safemode.org http://www.safemode.org Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 Fingerprint: B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0 -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPENdTruLpFMrXtywEQKo5ACaAumnZ7BM1XBehczENe/B+5Oh2SEAn0d7 CDaDt1quNRjO0TL+g8tc6pnj =bQUc -----END PGP SIGNATURE-----
