Fastream NETFile Server HEAD Connection Errors Let Remote Users Consume All Available Connections - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Server/CGI) > Fastream NETFile Server

Vendors: Fastream Technologies

Fastream NETFile Server HEAD Connection Errors Let Remote Users Consume All Available Connections

SecurityTracker Alert ID: 1012267

SecurityTracker URL: http://securitytracker.com/id/1012267

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Nov 19 2004

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): 7.1.2

Description: bratax ck reported a vulnerability in Fastream NETFile Server. A remote user can cause denial of service conditions.

It is reported that the web service does not properly process 'keepalive' connection timeouts for HTTP HEAD requests. The service fails to close HEAD request connections. A remote user can make multiple HEAD requests to consume all available connections and deny service to other users.

Impact: A remote user can prevent other users from connecting to the web service.

Solution: The vendor has released a fixed version (7.1.3), available at:

http://www.fastream.com/download.htm

Vendor URL: www.fastream.com/products.htm (Links to External Site)

Cause: State error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Fri, 19 Nov 2004 11:53:58 +0100
Subject: Fastream NETFile FTP/Web Server HEAD Request Processing Lets Remote User Deny Service


Impact: A remote user can make the Fastream Web Server deny serivce to
other users

Vendor URL: http://www.fastream.com/

Vulnerable Versions: Tested on Fastream NETFile FTP/Web Server 7.1.2
Professional - Previous versions probably vulnerable as well (not
tested).

Description:
Fastream NETfile FTP/Web Server improperly handles the timeout on
"keepalive" connections after making a HEAD request to the web server.
When a remote user sends a HEAD request, the web server doesn't close
the connection with the client. This makes it possible for a remote
user to use all the available connections and thus make the software
deny service to other users.

Solution/Status:
Vendor has been contacted and has released a fixed version (7.1.3)

-- 
bratax ck
bratax@gmail.com

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC