
Bugtraq mailing list archives

KPMG-2002021: Resin Large Parameter Denial of Service
From: Peter Gründl <pgrundl () kpmg dk>
Date: Mon, 17 Jun 2002 09:23:42 +0200


Title: Resin Large Parameter Denial of Service

BUG-ID: 2002021
Released: 17th Jun 2002

It is possible for a malicious user to cause a Denial of Service
by requesting certain malformed URLs from the Resin web server.

Vulnerable:
- Resin 2.1.1 standalone on Windows 2000 Server

Not Vulnerable:
- Resin 2.1.2 standalone on Windows 2000 Server

By defining large variables when accessing non-existent resources,
it is possible to consume the entire workspace on the server. This
will result in parts of, or the entire, web server hanging.

Vendor URL:
You can visit the vendor webpage here: http://www.caucho.com

Vendor Response:
This was reported to the vendor on the 22nd of May, 2002. On the 11th
of June, 2002 the vendor released a new version that corrects the

Corrective action:
Upgrade to version 2.1.2 available from:

Author: Peter Gründl (pgrundl () kpmg dk)

KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be liable
for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
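
For servers that cannot be upgraded immediately, the request pattern described above (large variables sent to non-existent resources) can be looked for in access logs. The following is an added example, not part of the original advisory or of Resin: it assumes logs in Common Log Format, query-string parameters only, and an arbitrary 4096-character threshold, and the names largest_param and suspicious_requests are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

MAX_PARAM_CHARS = 4096  # assumed threshold; tune to the application's real inputs


def largest_param(target):
    """Return (name, size) of the largest query parameter in a request target.

    Size counts name plus decoded value, so an oversized bare token with no
    '=' is measured as well.
    """
    query = urlsplit(target).query
    pairs = parse_qsl(query, keep_blank_values=True) or [("", query)]
    name, value = max(pairs, key=lambda kv: len(kv[0]) + len(kv[1]))
    return (name[:32], len(name) + len(value))


def suspicious_requests(lines, limit=MAX_PARAM_CHARS):
    """Yield (client, path, param, size) for 404 responses with an oversized parameter."""
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, _method, target, status = m.groups()
        if status != "404":
            continue  # the advisory concerns requests for non-existent resources
        name, size = largest_param(target)
        if size > limit:
            yield (client, urlsplit(target).path, name, size)


# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [17/Jun/2002:09:00:01 +0200] "GET /index.jsp?lang=en HTTP/1.0" 200 5120',
    '192.0.2.44 - - [17/Jun/2002:09:00:05 +0200] "GET /missing.jsp?a=' + "A" * 8000
    + ' HTTP/1.0" 404 310',
    '192.0.2.10 - - [17/Jun/2002:09:00:09 +0200] "GET /old-page.html?ref=home HTTP/1.0" 404 310',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print("oversized parameter on missing resource: %s %s %s (%d chars)" % hit)
```

A request that hangs the server may never be written to the server's own log, so a log from a front-end proxy or load balancer is the more reliable input.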
