SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability

["Tamer Sahin" <ts () securityoffice net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Essentia Web Server DoS Vulnerability

Type:

DoS, crashes Daemon

Release Date:

February 22, 2002

Product / Vendor:

The Essentia Web Server provides Enhanced Web Application and
Communication Services. Whether you are setting up a simple Web Site
on your Corporate Intranet or creating large sites for the Internet,
Essentia provides a simple and flexible way to make an even stronger
Web and Applications Platform. 

http://www.essencomp.com/

Summary:

Essentia Web Server is subject to a denial of service. Submitting a
request of unusual length to the host will cause the server to crash.
A restart is required in order to gain normal functionality.

http://host/AAAAAA...(Ax2000)...AAAAAA

Tested:

Windows 2000 / Essentia Web Server 2.1

Vulnerable:

Essentia Webserver 2.1 (And may be other.)

Disclaimer:

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:

Tamer Sahin
ts () securityoffice net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPHWDb7uLpFMrXtywEQJ4xQCgpG9H9237UzLL8t4glRutLCb3ACoAoLT4
0Uuqb5ckaDSno+3A4NqjM8o7
=1Yzo
-----END PGP SIGNATURE-----