cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:temp.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Site_server | Microsoft | 3.0 (including) | 3.0 (including) |
| Site_server | Microsoft | 3.0-apha (including) | 3.0-apha (including) |
| Site_server | Microsoft | 3.0-sp1 (including) | 3.0-sp1 (including) |
| Site_server | Microsoft | 3.0-sp1_alpha (including) | 3.0-sp1_alpha (including) |
| Site_server | Microsoft | 3.0-sp2 (including) | 3.0-sp2 (including) |
| Site_server | Microsoft | 3.0-sp2_alpha (including) | 3.0-sp2_alpha (including) |
| Site_server | Microsoft | 3.0-sp3 (including) | 3.0-sp3 (including) |
| Site_server | Microsoft | 3.0-sp3_alpha (including) | 3.0-sp3_alpha (including) |
| Site_server | Microsoft | 3.0-sp4 (including) | 3.0-sp4 (including) |
| Site_server | Microsoft | 3.0-sp4_alpha (including) | 3.0-sp4_alpha (including) |
| Site_server_commerce | Microsoft | 3.0 (including) | 3.0 (including) |
| Site_server_commerce | Microsoft | 3.0-alpha (including) | 3.0-alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp1_alpha (including) | 3.0-sp1_alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp2_alpha (including) | 3.0-sp2_alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp3_alpha (including) | 3.0-sp3_alpha (including) |
| Site_server_commerce | Microsoft | 3.0-sp4_alpha (including) | 3.0-sp4_alpha (including) |