Solaris ab2 (DynaWeb) Server DoS &潜在木马漏洞

漏洞信息详情

Solaris ab2 (DynaWeb) Server DoS &潜在木马漏洞

• CNNVD编号：CNNVD-199808-014
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-1417
  
• 漏洞类型：
  
  
  格式化字符串
  
• 发布时间：
  
  1998-08-23
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  inso
• 漏洞来源：
  This vulnerability…

AnswerBook2 (AB2)网络服务器dwhttpd 3.1a4版本中存在格式字符串漏洞。远程攻击者通过编码HTTP请求中的\\%字符，导致服务拒绝以及可能执行任意命令，该过程被不正当地记录。

AB2 technology is a third-party product from INSO who provides ‘dwhttpd’ as part of their DynaWeb toolkit. DynaWeb is an implementation of dynamic hypertext, where there are no preexisting web pages. Instead, the pages that you see are constructed on the fly by searching for the most relevant documents based on the links that you select.
This bug is apparently fixed in Solaris 2.7. It is unknown if INSO updated the DynaWeb package for external release.

来源: BID
名称: 253
链接:http://www.securityfocus.com/bid/253

来源: BUGTRAQ
名称: 19980823 Solaris ab2 web server is junk
链接:http://www.securityfocus.com/archive/1/10383