OpenConnect WebConnect may stop responding after processing an HTTP request with an MS-DOS device name in it.
OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1 running on Windows OS may stop responding after processing an HTTP GET or POST request with an MS-DOS device name in it. All HTTP and emulation services supported by Webconnect may be affected after such an attack.
OpenConnect WebConnect running on Windows OS may experience a denial-of-service condition after processing MS-DOS device names in HTTP requests.
Affected sites should upgrade to a corrected version of WebConnect, versions 6.4.5 and 6.5.1. Licensed users can send mail to OpenConnect technical support mailto: firstname.lastname@example.org, or call +1-972-888-0678.
Thanks to Dennis Rand of the Danish Computer Incident Response Team for reporting this vulnerability.
|Date First Published:||2005-02-21|
|Date Last Updated:||2005-02-21 17:17 UTC|