Some vulnerabilities have been reported in MaxDB, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to NULL pointer dereference errors in the web agent and can be exploited by passing specially crafted user input in HTTP requests.
Successful exploitation crashes the web agent.
The vulnerabilities have been reported in version 7.5.00 for Windows. Other versions may also be affected.
SOFTWARE:
MaxDB 7.x
SOLUTION:
Update to version 7.5.00.24.
http://dev.mysql.com/downloads/maxdb/7.5.00.html
PROVIDED AND/OR DISCOVERED BY:
Discovered by anonymous person and reported via iDEFENSE.
ORIGINAL ADVISORY:
iDEFENSE:
http://www.idefense.com/application/poi/display?id=218&type=vulnerabilities
VERIFY ADVISORY:
http://secunia.com/advisories/14575/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050315101847239