Gattaca Server 2003多个服务拒绝漏洞

Gattaca Server 2003 1.1.10.0版本存在漏洞。远程攻击者借助目录说明符导致服务拒绝（CPU消耗），这些目录说明符在(1)index.tmpl和(2)web.tmpl的LANGUAGE参数中，比如(a)斜线\”/\”，(b) 反斜线 \”＼\”，(c)点 \”.\”，(d)点 点 \”..\”，和(e)内部斜线\”lang//en\”。

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: www.gattaca-server.com
链接:http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0

来源: XF
名称: gattaca-language-path-disclosure(16700)
链接:http://xforce.iss.net/xforce/xfdb/16700

来源: BID
名称: 10728
链接:http://www.securityfocus.com/bid/10728

来源: OSVDB
名称: 7923
链接:http://www.osvdb.org/7923

来源: SECTRACK
名称: 1010703
链接:http://securitytracker.com/id?1010703

来源: SECUNIA
名称: 12071
链接:http://secunia.com/advisories/12071

来源: members.lycos.co.uk
链接:http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt