Simple, secure webserver malformed URL denial of service

simple-webserver-url-dos (10364)

Low Risk

Description:

Simple, secure webserver is vulnerable to a denial of service attack. A remote attacker could connect to the Web server and request a malformed URL to cause the Web server to become unavailable for a lengthy period of time, denying service to other users on the network.

Platforms Affected:

• Symantec, Enterprise Firewall 6.5.2
• Symantec, Enterprise Firewall 7.0
• Symantec, Gateway Security 5110
• Symantec, Raptor Firewall 6.5
• Symantec, Raptor Firewall 6.5
• Symantec, Raptor Firewall 6.5.3
• Symantec, VelociRaptor 1000
• Symantec, VelociRaptor 1100
• Symantec, VelociRaptor 1200
• Symantec, VelociRaptor 1300
• Symantec, VelociRaptor 500
• Symantec, VelociRaptor 700

Remedy:

Apply the Hotfix for this vulnerability, as listed in Symantec Security Response Advisory October 13, 2002. See References.

As a workaround, disable Simple, secure webserver.

Consequences:

Denial of Service

References:

• Advanced IT-Security Advisory #01-10-2002, Symantec Firewall Secure Webserver timeout DoS at http://seclists.org/lists/bugtraq/2002/Oct/0211.html.
• BugTraq Mailing List, 2002-10-14 19:06:48, Multiple Symantec Firewall Secure Webserver timeout DoS at http://marc.theaimsgroup.com/?l=bugtraq&m=103463869503124&w=2.
• Symantec Security Response Advisory October 13, 2002, Symantec Firewall Secure Webserver timeout DoS at http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html.
• BID-5958: Multiple Symantec HTTP Proxy Denial of Service Vulnerability
• CVE-2002-0990: The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.

Reported:

Oct 14, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page