Short Name |
HTTP:OVERFLOW:PI3WEB-SLASH-OF |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Pi3web Slash-URL Overflow DoS |
Release Date |
2003/05/28 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Pi3Web Server. Attackers can send a URL with more than 354 Slashes (/) to create a denial of service amd crash the server.
A buffer overflow vulnerability has been reported in John Roy Pi3Web web server. The ISAPI application within the server fails to properly handle user supplied input. Requesting a specially crafted URL will cause the buffer to overflow and possibly allow the execution of arbitrary code. Pi3Web has also been known to disclose the physical path to the web root by requesting an invalid URL.