search menu icon-carat-right cmu-wordmark

CERT Coordination Center

HAHTsite Scenario Server fails to handle overly long URLs

Vulnerability Note VU#705958

Original Release Date: 2004-04-14 | Last Revised: 2004-04-14

Overview

HAHTsite Scenario Server fails to properly handle HTTP requests containing an overly long "project name".

Description

HAHTsite Scenario Server is an e-Business platform that consists of a web application server and web development environment. There is a buffer overflow vulnerability in the way HAHTsite Scenario Server processes incoming HTTP requests. By supplying a specially crafted HTTP request containing an overly long "project name", a remote, unauthenticated attacker could cause the HAHTsite Scenario Server process to crash or potentially execute code of the attacker's choice.

Impact

A remote, unauthenticated attacker could cause the HAHTsite Scenario Server process to crash or potentially execute code of the attacker's choice.

Solution

Upgrade

HAHT has published a fix to address this issue. For information on obtaining this fix, please refer to HAHT Knowledge Base Article ID: 20030010.

Vendor Information

705958
 

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by Dennis Rand.

This document was written by Damon Morda.

Other Information

CVE IDs: None
Severity Metric: 10.75
Date Public: 2004-04-02
Date First Published: 2004-04-14
Date Last Updated: 2004-04-14 21:39 UTC
Document Revision: 12

Sponsored by CISA.