Reported November 9, 2000 by Xato Network Security
The denial of service is accomplished by entering the following url; http://www.example.com/cgi-bin/c32web.exe/ShowProgress
This will cause CPU usage to jump to 100%.
The second issue, information leakage displaying full physical paths of directories can be accomplished with the following URLs;
The Cart 32 team at McMurtrey/Whitaker & Associates has addressed these issues in the latest version 3.5a and has recommended that users read the knowledge base articles provided on their web site. http://www.cart32.com