Denial of Service Vulnerability in Perforce P4Web on Windows
CVE-2007-6349

Currently unrated

Key Information:

Vendor: Perforce
Status: P4web
Vendor: CVE Published:; 20 December 2007

What is CVE-2007-6349?

The vulnerability found in P4Webs.exe of Perforce P4Web 2006.2 and earlier versions running on Windows enables remote attackers to exploit the system. By sending an HTTP request that contains an empty body but specifies a Content-Length greater than zero, an attacker can trigger excessive CPU consumption leading to service unavailability. Proper safeguards should be implemented to mitigate the impact of this vulnerability on system performance.

References

http://securityreason.com/securityalert/3476

third-party-advisoryx_refsource_SREASON

http://secunia.com/advisories/28158

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/39297

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2007
Vulnerability Reserved
Dec 14, 2007