CVE
- Id
- 950
- CVE No.
- CVE-1999-0970
- Status
- Candidate
- Description
- The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created.
- Phase
- Modified (20020226-01)
- Votes
- ACCEPT(3) Baker, Blake, Stracener | MODIFY(1) Frech | NOOP(1) Christey | REVIEWING(1) Levy
- Comments
- Frech> XF:omnihttpd-dos | Christey> Some sort of confirmation might be findable at: | http://www.omnicron.ab.ca/httpd/docs/release.html | Christey> See http://www.omnicron.ab.ca/index.html | The August 16, 2000 news item says "This release fixes some | security problems." It"s for version 2.07, but the discloser | didn"t say what version was available. | | Other security fixes are in the release notes at | http://www.omnicron.ab.ca/httpd/docs/release.html Notes for | Professional Version 1.01 say "Patched up two security weaknesses." | Notes for version 2.07 say "Fixes dot-appending vulnerability." | Professional Alpha 7 says "Revamped CGI launching and security," | Professional Alpha 4 says "Fixed SSI path mapping and security | problems," Alpha 5 says "Security fixup." | | In other words, you can"t tell whether they"ve fixed this bug | or not. | Christey> BID:1808 | URL:http://www.securityfocus.com/bid/1808
