Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:OVERFLOW:PI3WEB-SLASH-OF

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 Pi3web Slash-URL Overflow DoS

Release Date

 2003/05/28

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Pi3web Slash-URL Overflow DoS


This signature detects attempts to exploit a known vulnerability against Pi3Web Server. Attackers can send a URL with more than 354 Slashes (/) to create a denial of service amd crash the server.

Extended Description

A buffer overflow vulnerability has been reported in John Roy Pi3Web web server. The ISAPI application within the server fails to properly handle user supplied input. Requesting a specially crafted URL will cause the buffer to overflow and possibly allow the execution of arbitrary code. Pi3Web has also been known to disclose the physical path to the web root by requesting an invalid URL.

Affected Products

  • John Roy Pi3Web 1.0.1

References

  • BugTraq: 2381
  • CVE: CVE-2001-0302
  • URL: http://www.securityfocus.com/bid/2381
  • URL: http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out