cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:temp.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Site_server | Microsoft | 3.0 (including) | 3.0 (including) |
| Site_server | Microsoft | 3.0-apha (including) | 3.0-apha (including) |
| Site_server | Microsoft | 3.0-sp1 (including) | 3.0-sp1 (including) |
| Site_server | Microsoft | 3.0-sp1_alpha (including) | 3.0-sp1_alpha (including) |
| Site_server | Microsoft | 3.0-sp2 (including) | 3.0-sp2 (including) |
| Site_server | Microsoft | 3.0-sp2_alpha (including) | 3.0-sp2_alpha (including) |
| Site_server | Microsoft | 3.0-sp3 (including) | 3.0-sp3 (including) |
| Site_server | Microsoft | 3.0-sp3_alpha (including) | 3.0-sp3_alpha (including) |
| Site_server | Microsoft | 3.0-sp4 (including) | 3.0-sp4 (including) |
| Site_server | Microsoft | 3.0-sp4_alpha (including) | 3.0-sp4_alpha (including) |
| Site_server_commerce | Microsoft | 3.0 (including) | 3.0 (including) |
| Site_server_commerce | Microsoft | 3.0-alpha (including) | 3.0-alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp1_alpha (including) | 3.0-sp1_alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp2_alpha (including) | 3.0-sp2_alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp3_alpha (including) | 3.0-sp3_alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp4_alpha (including) | 3.0-sp4_alpha (including) |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html
- http://www.iss.net/security_center/static/8053.php
- http://www.securityfocus.com/bid/4002
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html
- http://www.iss.net/security_center/static/8053.php
- http://www.securityfocus.com/bid/4002