Description: A vulnerability has been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within dhost.exe when processing "Connection" headers in a HTTP request. This can be exploited to cause dhost.exe to consume large amounts of CPU resource by e.g. sending an HTTP request containing two "Connection" headers or a "Connection" header with two values to default port 8028/TCP.
The vulnerability affects the following versions on Windows 2000/2003 systems:
* Novell eDirectory 8.8.1 and prior
* Novell eDirectory 8.7.3.9 and prior
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.