FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

hiawatha -- integer overflow in Content-Length header parsing

Affected packages
hiawatha < 7.4_1

Details

VuXML ID b13414c9-50ba-11e0-975a-000c29cc39d3
Discovery 2011-02-25
Entry 2011-03-17

Hugo Leisink reports:

A bug has been found in version 7.4 of the Hiawatha webserver, which could lead to a server crash. This is caused by an integer overflow in the routine that reads the HTTP request. A too large value of the Content-Length HTTP header results in an overflow.
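The bug class described in the report, as an added example that is not part of the advisory and is not Hiawatha's code: a Content-Length parser whose unchecked 32-bit accumulator wraps, next to one that checks the bound before each multiply-and-add. The function names and the 16 MiB `MAX_BODY_BYTES` limit are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limit for this example: largest request body accepted. */
#define MAX_BODY_BYTES (16u * 1024u * 1024u)

enum cl_status { CL_OK = 0, CL_MALFORMED = -1, CL_TOO_LARGE = -2 };

/* Constructed illustration of the bug class (not Hiawatha's code): a 32-bit
 * accumulator with no bound check silently wraps modulo 2^32. */
uint32_t naive_content_length(const char *value)
{
    uint32_t n = 0;
    for (const char *p = value; *p >= '0' && *p <= '9'; p++)
        n = n * 10 + (uint32_t)(*p - '0');
    return n;
}

/* Hardened form: accepts only digits with optional surrounding spaces/tabs.
 * The limit is tested before every multiply/add, so the accumulator can
 * never wrap, however many digits the client sends. */
enum cl_status parse_content_length(const char *value, size_t *out)
{
    size_t n = 0;
    const char *p = value;

    while (*p == ' ' || *p == '\t') p++;
    if (*p < '0' || *p > '9') return CL_MALFORMED;   /* "", "-1", "+5" */
    for (; *p >= '0' && *p <= '9'; p++) {
        size_t digit = (size_t)(*p - '0');
        if (n > (MAX_BODY_BYTES - digit) / 10)       /* n*10+digit > limit */
            return CL_TOO_LARGE;
        n = n * 10 + digit;
    }
    while (*p == ' ' || *p == '\t') p++;
    if (*p != '\0') return CL_MALFORMED;             /* trailing garbage */
    *out = n;
    return CL_OK;
}

int main(void)
{
    const char *hdr = "4294967306";  /* constructed sample: 2^32 + 10 */
    size_t len = 0;
    printf("naive: %u\n", (unsigned)naive_content_length(hdr));
    printf("hardened status: %d\n", (int)parse_content_length(hdr, &len));
    return 0;
}
```

A server using the hardened form would answer `CL_TOO_LARGE` with 413 and `CL_MALFORMED` with 400 before allocating or reading any body bytes.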

References

URL http://packetstormsecurity.org/files/99021/Hiawatha-WebServer-7.4-Denial-Of-Service.html
URL http://seclists.org/bugtraq/2011/Mar/65
URL http://secunia.com/advisories/43660/
URL http://securityvulns.com/Zdocument902.html
URL http://www.hiawatha-webserver.org/weblog/16