Qualys security scans crash DollarU nodes

Document ID : KB000086661
Last Modified Date : 14/04/2018
Issue:
Error Message :
universe.log
##############################
| 2014-04-14 20:50:20 |ERROR|X|IO |pid=13569.3801086864| u_io_thread_trt | New client 113 (/ on ) authentication failed: Request size error (Ext-message too long (64924928 bytes, max. 32774)) 
##############################

The EEP and GSI logs typically also contain errors at the moment of the "attack".

Patch level detected: Dollar Universe 6.1.00
Product Version: Dollar.Universe 6.1.0

Description: Qualys, a utility that tests applications for vulnerabilities, crashes DollarU nodes by sending a TCP/IP request that is longer than expected.
Environment:
OS: Linux
Cause:
Cause type:
Defect
Root Cause: A message that is too long, injected into an authentication request, cannot be handled by the IO.
Resolution:
Update to the fix version listed below or a newer version if available.

Fix Status: Released

Fix Version(s):
Component: Application.Server
Version: Dollar.Universe 6.2.21
Additional Information:
Workaround :
N/A
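
To confirm whether a node hit this defect, universe.log can be searched for the "Request size error" entry shown under Issue. The script below is an added example, not vendor code: its pattern is inferred from the single log line quoted in this article (an assumption about the layout of other lines), and the second and third sample lines are constructed.

```python
import re
from datetime import datetime

# Layout inferred from the one universe.log line quoted in this article (assumption).
SIZE_ERROR = re.compile(
    r"^\|\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*\|\s*ERROR\s*\|"
    r".*?\|pid=(?P<pid>\d+)\.\d+\|.*?New client (?P<client>\d+) .*?"
    r"authentication failed: Request size error "
    r"\(Ext-message too long \((?P<size>\d+) bytes, max\. (?P<max>\d+)\)\)"
)

# First line is the one from this article; the other two are constructed samples.
SAMPLE_LOG = """\
| 2014-04-14 20:50:20 |ERROR|X|IO |pid=13569.3801086864| u_io_thread_trt | New client 113 (/ on ) authentication failed: Request size error (Ext-message too long (64924928 bytes, max. 32774))
| 2014-04-14 20:50:21 |INFO |X|IO |pid=13569.3801086864| u_io_thread_trt | constructed unrelated line
| 2014-04-14 20:50:22 |ERROR|X|IO |pid=13569.3801086864| u_io_thread_trt | New client 114 (/ on ) authentication failed: Request size error (Ext-message too long (70000000 bytes, max. 32774))
"""

def parse_size_errors(lines):
    """Return one dict per oversized authentication request found in the log."""
    events = []
    for line in lines:
        m = SIZE_ERROR.search(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "pid": int(m["pid"]),
            "client": int(m["client"]),
            "size": int(m["size"]),
            "max": int(m["max"]),
        })
    return events

def summarize_by_pid(events):
    """Group events per IO process: count, time window, largest declared size."""
    summary = {}
    for e in events:
        s = summary.setdefault(
            e["pid"], {"count": 0, "first": e["ts"], "last": e["ts"], "largest": 0})
        s["count"] += 1
        s["first"] = min(s["first"], e["ts"])
        s["last"] = max(s["last"], e["ts"])
        s["largest"] = max(s["largest"], e["size"])
    return summary

if __name__ == "__main__":
    for pid, s in summarize_by_pid(parse_size_errors(SAMPLE_LOG.splitlines())).items():
        print(pid, s["count"], s["first"], s["last"], s["largest"])
```

The first/last timestamps per process can be compared with the vulnerability scanner's schedule to tie a node crash to a scan window.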