Vulnerability Note VU#705958

HAHTsite Scenario Server fails to handle overly long URLs

Original Release date: 14 Apr 2004 | Last revised: 14 Apr 2004

Overview

HAHTsite Scenario Server fails to properly handle HTTP requests containing an overly long "project name".

Description

HAHTsite Scenario Server is an e-Business platform that consists of a web application server and web development environment. There is a buffer overflow vulnerability in the way HAHTsite Scenario Server processes incoming HTTP requests. By supplying a specially crafted HTTP request containing an overly long "project name", a remote, unauthenticated attacker could cause the HAHTsite Scenario Server process to crash or potentially execute code of the attacker's choice.
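
The C sketch below is an added illustration of the bug class described above; it is not HAHT's code. It extracts a name from a request path into a fixed-size buffer and rejects over-long input before any copy takes place. The path layout (`/<project name>/<page>`), the function name and the 64-byte limit are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define PROJECT_NAME_MAX 64   /* assumed limit for the example, not a HAHTsite value */

enum parse_status {
    PARSE_OK = 0,
    PARSE_BAD_REQUEST = 400,
    PARSE_URI_TOO_LONG = 414
};

/*
 * Copy the first path segment of `path` (hypothetical layout:
 * "/<project name>/<page>?query") into `out`, which holds `out_size` bytes.
 *
 * The overflow pattern this replaces is an unchecked strcpy()/sprintf() of a
 * request-controlled string into a fixed buffer. Here the length is measured
 * first, and an over-long name is rejected rather than truncated or copied.
 */
enum parse_status extract_project_name(const char *path, char *out, size_t out_size)
{
    if (path == NULL || out == NULL || out_size == 0)
        return PARSE_BAD_REQUEST;

    out[0] = '\0';                      /* never hand back stale data on failure */

    if (path[0] != '/')
        return PARSE_BAD_REQUEST;

    const char *start = path + 1;

    /* The segment ends at the next '/', '?', '#' or at end of string. */
    size_t len = strcspn(start, "/?#");

    if (len == 0)
        return PARSE_BAD_REQUEST;

    /* Check BEFORE copying; `>=` keeps one byte free for the terminator. */
    if (len >= out_size || len > PROJECT_NAME_MAX)
        return PARSE_URI_TOO_LONG;

    memcpy(out, start, len);
    out[len] = '\0';
    return PARSE_OK;
}
```

A caller would map `PARSE_URI_TOO_LONG` to an HTTP 414 response and log the request length, which also gives operators a signal for probing attempts.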

Impact

A remote, unauthenticated attacker could cause the HAHTsite Scenario Server process to crash or potentially execute code of the attacker's choice.

Solution

Upgrade

HAHT has published a fix to address this issue. For information on obtaining this fix, please refer to HAHT Knowledge Base Article ID: 20030010.

Systems Affected

Vendor         Status    Date Notified  Date Updated
HAHT Commerce  Affected  -              12 Apr 2004

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

This vulnerability was reported by Dennis Rand.

This document was written by Damon Morda.

Other Information

  • CVE IDs: Unknown
  • Date Public: 02 Apr 2004
  • Date First Published: 14 Apr 2004
  • Date Last Updated: 14 Apr 2004
  • Severity Metric: 10.75
  • Document Revision: 9
