Kbase P123828: WebSpeed agents stay busy when calling dict.r with no parameter
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
5/11/2007 |
|
Status: Unverified
FACT(s) (Environment):
Progress 9.x
OpenEdge 10.x
WebSpeed 3.x
SYMPTOM(s):
WebSpeed agents stay busy when calling dict.r with no parameter
Using messenger URL ending with dict.r with no additional parameters in the query string
Sample URL
http://host/scripts/cgiip.exe/WService=wsbroker1/dict.r
Remote denial of service attack is possible against WebSpeed when such crafted URL is used
0Issue occurs also when deploying in "Production" mode
CAUSE:
This is a known issue being investigated by development
FIX:
The recommended immediate workaround is to rename $DLC/src/dict.p, $DLC/tty/dict.r and $DLC/gui/dict.r.
Network administrators should also set up the web server to log any attempts to access URLs ending with dict.r / dict.p.