Vulnerability in OpenX advertisement server - AfterDawn's ads affected as well

Jari Ketola
12 Sep 2010 6:40

There is an unpatched vulnerability in OpenX advertisement server that affected the advertisement delivery at AfterDawn.com for a short while today. The vulnerability was used to tamper with specific files on our advertisement server, which caused advertisements to fail to load. Advertisements are served from an isolated server, and no other AfterDawn services were affected at any stage.
The vulnerability is not in OpenX itself, but in an included component of Open Flash Chart 2. The vulnerability has been known for a long time but has not been patched to date. Its effects on OpenX and instructions for fixing and cleaning up after the issue are explained on the kreativrauschen.com blog.
In our case the advertisement server simply broke down and delivered no advertisements at all. Access to the server caused Chrome to throw an "Error 330 (net::ERR_CONTENT_DECODING_FAILED): Unknown error" error while Firefox displayed "Content Encoding Error: The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression."
The server has now been re-installed, the vulnerability fixed and all traces of tampering removed. We apologize for any inconvenience.
-Jari Ketola
CTO, AfterDawn.com
