SecurityOffice

Essentia Web Server DoS Vulnerability

Type

DoS, crashes Daemon

Release Date

February 22, 2002

Product / Vendor

The Essentia Web Server provides Enhanced Web Application and Communication Services. Whether you are setting up a simple Web Site on your Corporate Intranet or creating large sites for the Internet, Essentia provides a simple and flexible way to make an even stronger Web and Applications Platform.

http://www.essencomp.com

Summary

Essentia Web Server is subject to a denial of service. Submitting a request of unusual length to the host will cause the server to crash. A restart is required in order to gain normal functionality.

http://host/AAAAAA...(Ax2000)...AAAAAA

Tested

Windows 2000 / Essentia Web Server 2.1

Vulnerable

Essentia Webserver 2.1 (And may be other.)

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net