Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
From: tecklord@xxxxxxxxxxxxxx
Date: Sat, 22 Nov 2008 15:29:46 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Vulnerability is confirmed on Pi3Web 2.03 PL 2. If an attacker sends a request 
to one of the files in the isapi directory, the dialog box appears on the host 
system. Until the OK button on the host system is pressed, Pi3Web does not 
serve any requests. There is no application crash, but technically, it`s a DoS.

Prev by Date: Re: Re: Re: MS Internet Explorer 7 Denial Of Service Exploit
Next by Date: Re: MS Internet Explorer 7 Denial Of Service Exploit
Previous by thread: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
Next by thread: Re: Re: Wrong report: BID 32287, Pi3Web ISAPI DoS vulnerability
Index(es):
- Date
- Thread