Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability

See http://secunia.com/advisories/32696/:
The issue only exists when Pi3Web is installed as an interactive desktop application. However, it has not been reproduced on my test system until now.
There is a lot of information missing in the original report, which may have influence on the occurrence of the issue:
- operating system name, version, service pack
- Pi3Web configuration (number of connections, thread reuse, connection keep alive, ...)
- test environment (application firewall, network components)

On the other hand, it is a conceptual question whether an interactive desktop application may wait for user input, even if it is a server, and whether blocking of client requests during this time is to be evaluated as DoS. It has to be considered that no hardened internet configuration has been used, but an operation mode which is for web development.

Please add at least the preference "Pi3Web must be installed as interactive desktop application" to this report because this is proved and is the common understanding of all involved people who are further analysing this issue.
--
regards,
Holger Zimmermann


