BPM Studio Pro Web management interface DOS device request denial of service
| bpm-http-device-dos (8299) |  Medium Risk |
Description:
BPM Studio Pro is vulnerable to a denial of service attack. If a remote attacker sends a URL request for a DOS device to a vulnerable server, the attacker can cause the server to crash.
Consequences:
Denial of Service
Remedy:
No remedy available as of May 1, 2013.
References:
- ALCATech GmbH Web site: ALCATech - A New Dimension of Digital Audio.
- BugTraq Mailing List, Wed Feb 27 2002 - 04:00:39 CST: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY.
- BugTraq Mailing List, Wed Feb 27 2002 - 18:03:17 CST: Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY.
- CVE-2002-1780: BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a remote attacker to cause a denial of service (crash) by sending a URL request for a MS-DOS device such as con. NOTE: it has been disputed that this and possibly other application-level DOS device issues stem from a bug in Windows, and as such, such applications should not be considered vulnerable themselves.
- OSVDB ID: 59245: BPM Studio Pro Web Server MS-DOS Device Request Remote DoS
Platforms Affected:
- ALCATech BPM Studio Pro 4.2
Reported:
Feb 27, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this