Hiawatha WebServer 'Content-Length' Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Hiawatha Web Server and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow remote unauthenticated attackers to cause a denial of service or possibly execute arbitrary code. Impact Level: Application

Solution

Vendor has released a workaround to fix the issue, please refer below link for details on workaround. http://www.hiawatha-webserver.org/weblog/16 For updates refer to http://www.hiawatha-webserver.org

Insight

The flaw is due to the way Hiawatha web server validates requests with a bigger 'Content-Length' causing application crash.

Affected

Hiawatha Webserver Version 7.4, Other versions may also be affected.

References

http://packetstormsecurity.org/files/view/99021/DCA-2011-0006.txt
http://www.exploit-db.com/exploits/16939/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Linux)
ClamAV Multiple Vulnerabilities (Win)
Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux)
Active Perl Denial of Service Vulnerability (Windows)
Adobe Reader '.ETD File' Denial of Service Vulnerability (Mac OS X)

Hiawatha WebServer 'Content-Length' Denial of Service Vulnerability

Take action and discover your vulnerabilities