exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Artofdefence Hyperguard Denial Of Service

Artofdefence Hyperguard Denial Of Service
Posted Jul 1, 2009
Authored by Michael Kirchner, Lukas Nothdurfter, Wolfgang Neudorfer

The Artofdefence Hyperguard Web Application Firewall versions 3.1.1-11637 and below, 3.0.3-11636 and below, and 2.5.5-11635 and below suffer from a remote denial of service vulnerability.

tags | advisory, remote, web, denial of service
SHA-256 | 077fa1d7da95167820fcb7c5c476adaf80128eb524005dba79c0191d3114b29b

Artofdefence Hyperguard Denial Of Service

Change Mirror Download

Security Advisory
---------------------------------------
Vulnerable Software: Artofdefence Hyperguard Web Application Firewall
Vulnerable Version: 3 branches: prior to 3.1.1-11637; prior to
3.0.3-11636; prior to 2.5.5-11635 (Apache Plug-in)
Homepage: http://www.artofdefence.com/
Found by: Michael Kirchner, Wolfgang Neudorfer,
Lukas Nothdurfter (Team h4ck!nb3rg)
Impact: Remote Denial of Service


Product Description
---------------------------------------
Hyperguard is a latest-generation enterprise Web application firewall
with attack detection and attack protection functions that are freely
configurable. Hyperguard enables centralised security monitoring,
reporting and alerting and provides custom protection for your Web
applications against external attacks.
[Source: http://www.artofdefence.com/en/hyperguard/hyperguard.html]


Vulnerability Description
---------------------------------------
The Artofdefence Hyperguard Web Application Firewall operates as a
reverse proxy module between the clients and the web server to be
protected. All HTTP requests are checked before being forwarded to the
web server. By sending specially crafted HTTP POST requests an attacker
is able to trigger high memory usage on the WAF. By repeatedly sending
the request the available memory is exhausted resulting in a kernel
panic and therefore a denial of service.
The vulnerability can be triggered by sending HTTP POST requests with a
high "Content-Length" header value set but without transmitting any
content. Artofdefence Hyperguard is available as a plug-in for several
web servers. The vulnerability was confirmed in connection with the
Apache web server module. Other modules have not been tested.


Proof of Conept
---------------------------------------
With 1 GB of free memory available on the WAF the kernel panic occured
after sending ~350 crafted requests.


Vulnerable Versions
---------------------------------------
The tested version was of the 3.1.1 branch prior to 3.1.1-11637.
According to the vendor the other two branches were also vulnerable (see
version description in the header).


Patch
---------------------------------------
The vendor provides an updated version of the product for all three
branches (see version description in the header).


Contact Timeline
---------------------------------------
2009-05-22: Vendor informed
2009-05-22: Inital vendor reply
2009-05-25: Vulnerability confirmed
2009-05-29: Patched version available
2009-07-01: Public release


Further information
---------------------------------------
Information about the web application firewall project this advisory
originates from can be found at:
http://www.h4ck1nb3rg.at/wafs/
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close