CVE-2004-0466

Properties

Published:
20.02.2004
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:N/A:C/B:N) Approximated
    Product:
    OpenConnect: WebConnect
    OpenConnect: WebConnect

    Vulnerability description

    WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.

    References:

    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=110910838600145&w=2
    MISC: http://www.cirt.dk/advisories/cirt-29-advisory.pdf
    CONFIRM: http://www.kb.cert.org/vuls/id/JSHA-69FVMM
    CERT-VN: http://www.kb.cert.org/vuls/id/552561
    SECUNIA: http://secunia.com/advisories/14006/
    XF: http://xforce.iss.net/xforce/xfdb/19393
    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=110910838600145&w=2