Hi,
WebTrends Enterprise Reporting Server version 1.5 (Linux/Solaris) is vulnerable
to a denial of service attack utilizing the Content-length field passed to
the HTTP daemon. If a negative Content-length is passed to the daemon after a
POST method has been called, the server will stop responding. WebTrends has been
notified and a patch is supposedly in the works. Attached is an example script
to demonstrate the problem.
Version: 1.5 (1.5a has not been tested)
OS: Linux 2.2.x and Solaris (v?)
License: Full
Thanks,
rpc <[EMAIL PROTECTED]>
wtkill.pl
