Kbase P123830: WebSpeed agents stay busy when calling _comp.r with no parameter
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
5/11/2007 |
|
Status: Unverified
FACT(s) (Environment):
Progress 9.x
OpenEdge 10.x
WebSpeed 3.x
SYMPTOM(s):
WebSpeed agents stay busy when calling _comp.r with no parameter
Using messenger URL ending with _comp.r with no additional parameters in the query string
Sample URL
http://host/scripts/cgiip.exe/WService=wsbroker1/comp.r
Remote denial of service attack is possible against WebSpeed when such crafted URL is used
Issue occurs also when deploying in "Production" mode
CAUSE:
This is a known issue being investigated by development
FIX:
The recommended immediate workaround is to rename $DLC/src/_comp.p, $DLC/tty/_comp.r and $DLC/gui/comp.r.
Network administrators should also set up the web server to log any attempts to access URLs ending with comp.r / comp.p.