COMMAND

    metainfo

SYSTEMS AFFECTED

    Win NT

PROBLEM

    Jeff Forristal found another  vulnerability in metainfo -  another
    kind of DoS attack.  If an  attacker was to send a GET request  to
    MetaWeb server that contained around 8K of characters, the MetaWeb
    server process would spike to 100% CPU utilization, and stay there
    indefinately.  Example:

        http://mail.server.com:5000/index.htm?<insert 8K of characters here>

    This would  put the  server in  an unstable  state; now, a regular
    request will cause to to spike and hang:

        http://mail.server.com:5000/

SOLUTION

    MetaInfo  was  contacted  about  this  problem and they released a
    patch to fix this problem.  You can download a copy from

        http://www.forristech.com

    or check to see if it's available on MetaInfo's site yet.