Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: web5705.htm

IBM Websphere remote buffer overflow via long .jsp request
20th Sep 2002 [SBWID-5705]

	IBM Websphere remote buffer overflow via long .jsp request


	IBM Websphere 4.0.3 on Windows 2000 Server


	In Peter Gründl [] of  KPMG  Danemark  advisory  [BUG-ID:
	2002035] :

	The application does not perform  proper  bounds  check  on  large  HTTP
	headers, and as a result the application can  be  crashed  by  a  remote
	user. It could not be established if this  could  lead  to  code  execu-

	If a request is made for a .jsp ressource (the .jsp file does  not  need
	to exist), and the HTTP field "Host" contains 796  characters  or  more,
	the web service will crash. Other HTTP fields  are  also  vulnerable  if
	the size is increased to 4K.

	The web service sometimes recovers on it's own.


	Install PQ62144 (supercedes PQ62249) :



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH