Medium level security hole in FreeProxy

To: news@xxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Medium level security hole in FreeProxy
From: Tim Brown <timb@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 6 Feb 2007 23:08:33 +0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Nth Dimension
User-agent: KMail/1.9.5

The FreeProxy HTTP proxy server suffers from a denial of service condition 
which causes the server to hang.  This occurs when an attacker makes a 
request for the hostname/portnumber combination in use by the server itself.  
The vendor was notified on the 10th January 2007 and a fix was made available 
on the 24th.  Full details can be found in the attached advisory.
-- 
Tim Brown
<mailto:timb@xxxxxxxxxxxxxxxxxxxx>
<http://www.nth-dimension.org.uk/>

Attachment: NDSA20070206.txt.asc
Description: application/pgp-keys

Prev by Date: MySQLNewsEngine (affichearticles.php3) Remote File Inc. Vuln.
Next by Date: [ MDKSA-2007:035 ] - Updated gd packages fix DoS vulnerability.
Previous by thread: MySQLNewsEngine (affichearticles.php3) Remote File Inc. Vuln.
Next by thread: [ MDKSA-2007:035 ] - Updated gd packages fix DoS vulnerability.
Index(es):
- Date
- Thread