|
|
|
 |
Vulnerability Note VU#552561OpenConnect Webconnect MS-DOS device name denial-of-serviceOverviewOpenConnect WebConnect may stop responding after processing an HTTP request with an MS-DOS device name in it.I. DescriptionOpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1 running on Windows OS may stop responding after processing an HTTP GET or POST request with an MS-DOS device name in it. All HTTP and emulation services supported by Webconnect may be affected after such an attack.II. ImpactOpenConnect WebConnect running on Windows OS may experience a denial-of-service condition after processing MS-DOS device names in HTTP requests.III. SolutionAffected sites should upgrade to a corrected version of WebConnect, versions 6.4.5 and 6.5.1. Licensed users can send mail to OpenConnect technical support mailto: ocs_support@oc.com, or call +1-972-888-0678.Systems Affected
References
Thanks to Dennis Rand of the Danish Computer Incident Response Team for reporting this vulnerability. This document was written by Jeff S Havrilla, with contributions from Dennis Rand and the OpenConnect WebConnect Development team.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader