Signature Detail

HTTP: Abyss Empty Header Denial of Service

This signature detects attempts to exploit a known vulerability against Abyss version 1.1.2. Using a malicious HTTP client, attackers can send a maliciously crafted request that contains an empty Range or Connection header field to a Web server to crash the Web server daemon; the system must be manually restarted to restore service.

Extended Description

Remote attackers can exploit this vulnerability to crash an affected server, causing a denial of service.

References

• URL: http://archives.neohapsis.com/archives/bugtraq/2003-04/0095.html