Vulnerability II


This vulnerability appeared on Bugtraq.


By sending a request whose filename contains a very large number of slash characters, on the order of hundreds of thousands, an attacker can make the server consume so much CPU time that it appears frozen.


Compieuw and Compieuw.1 are vulnerable, and possibly earlier versions as well. Fixed in Compieuw.2.

Description of the fix

The URL in a request is now limited to 260 characters, which is the maximum file path length on Windows. This number of characters is not enough to freeze the server for a significant amount of time.

As a result of the fix, you cannot create virtual folders with very long names that map to real folders with short names.
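A sketch of the kind of check the fix describes, as an added example that is not Compieuw's own code: the request line is read with a hard cap, so an over-long URL is rejected before any path handling takes place. The 260-character limit comes from the text above; the function names, the 32-byte allowance for method and version, and the choice of 414 and 400 responses are assumptions.

```python
import io

MAX_URL_LEN = 260                  # limit stated in the fix description
MAX_LINE_LEN = MAX_URL_LEN + 32    # assumption: room for method, version, CRLF


def check_request(stream):
    """Return (status, target); target is set only when the request may proceed."""
    # Bounded read: at most MAX_LINE_LEN + 1 bytes are ever buffered.
    line = stream.readline(MAX_LINE_LEN + 1)
    if len(line) > MAX_LINE_LEN:
        return 414, None           # URI Too Long, rejected before any parsing
    if not line.endswith(b"\n"):
        return 400, None           # connection ended mid-line
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3:
        return 400, None
    _method, target, _version = parts
    if len(target) > MAX_URL_LEN:
        return 414, None
    return 200, target.decode("latin-1")


def demo():
    """Run constructed requests through the check."""
    flood = io.BytesIO(b"GET " + b"/" * 300_000 + b" HTTP/1.0\r\n")
    results = {
        "flood": check_request(flood),
        "flood_bytes_read": flood.tell(),
        "normal": check_request(io.BytesIO(b"GET /index.html HTTP/1.0\r\n")),
        "at_limit": check_request(io.BytesIO(b"GET /" + b"a" * 259 + b" HTTP/1.0\r\n"))[0],
        "over_limit": check_request(io.BytesIO(b"GET /" + b"a" * 260 + b" HTTP/1.0\r\n"))[0],
    }
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The cap applies to the URL as received, not to the path it maps to, which is why a long virtual folder name is refused even when the real folder name is short.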