The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (resource exhaustion) via a GET request without the terminating /r/n/r/n (CRLF) sequence, which causes the interface to wait for the sequence and blocks other users from accessing it.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Superscout_email_filter | Surfcontrol | 3.5 (including) | 3.5 (including) |
| Superscout_email_filter | Surfcontrol | 3.5.1 (including) | 3.5.1 (including) |
| Superscout_email_filter | Surfcontrol | 4.0 (including) | 4.0 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
- http://www.iss.net/security_center/static/10322.php
- http://www.securityfocus.com/bid/5931
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
- http://www.iss.net/security_center/static/10322.php
- http://www.securityfocus.com/bid/5931