HTTP: Pi3web Slash-URL Overflow DoS
This signature detects attempts to exploit a known vulnerability against Pi3Web Server. Attackers can send a URL with more than 354 Slashes (/) to create a denial of service amd crash the server.
Extended Description
A buffer overflow vulnerability has been reported in John Roy Pi3Web web server. The ISAPI application within the server fails to properly handle user supplied input. Requesting a specially crafted URL will cause the buffer to overflow and possibly allow the execution of arbitrary code. Pi3Web has also been known to disclose the physical path to the web root by requesting an invalid URL.
Affected Products
John_roy pi3web
References
BugTraq: 2381
CVE: CVE-2001-0302
URL: http://www.securityfocus.com/bid/2381 http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html
Short Name
HTTP:OVERFLOW:PI3WEB-SLASH-OF
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2001-0302 DoS Overflow Pi3web Slash-URL bid:2381
Release Date
05/29/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
John_roy
CVSS Score
5.0