Bugtraq mailing list archives
Vulnerabilities in SmallHTTP Server
From: Kotarac Ante <astral () 403-SECURITY ORG>
Date: Tue, 14 Nov 2000 14:14:41 -0000
403-security SECURITY ADVISORY

Product: SmallHTTPServer
Version: 2.01
Author: astral () 403-security org
Homepage: http://www.403-security.org

1st Problem:
By default, if a user sends a request without a file name specified (http://host/subdirectory/), HTTPServer will look for index.html in that folder, and if it doesn't exist it will fill memory with 68K. The directory doesn't need to exist. So anyone can write a small program that sends a lot of requests to fill up memory. (5000 requests will fill 300Mb of memory.)

2nd Problem:
SmallHTTPServer supports Server Side Includes. When HTTPServer finds an SSI tag that looks like this:

<!--#tag_name= <*EMPTY> -->

it will crash. #tag_name can be any of the supported tags (#fsize, #include, #printenv...). In order for SSI tags to be executed, the file must be *.shtm or *.shtml.

3rd Problem:
This insecure server will crash if an attacker sends a few GET, HEAD or POST requests and closes the connection before the server has answered.

Exploit:
Maybe ... but still everything is very easy to reproduce.

Fix:
The vendor fixed this problem by issuing a new version (2.03).
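For administrators who cannot move to 2.03 right away, the 2nd problem can be audited for in published content. The following is an added example, not part of the original advisory or the vendor's code: it flags SSI directives whose argument is empty in *.shtm and *.shtml files. The function names and sample files are constructed, and treating an empty quoted value (file="") as "empty" is an assumption about what the advisory's <*EMPTY> covers.

```python
import re

# Extensions the advisory says SmallHTTPServer parses for SSI.
SSI_EXTENSIONS = (".shtm", ".shtml")

# One SSI comment: <!--#directive ...arguments... -->
SSI_TAG = re.compile(r"<!--#(\w+)(.*?)-->", re.DOTALL)
# One argument: optional name, '=', then a quoted or bare value (may be empty).
ATTR = re.compile(r"""(\w*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"']*))""")

def find_empty_ssi(text):
    """Return (line, directive, tag) for each SSI tag with an empty argument."""
    findings = []
    for tag in SSI_TAG.finditer(text):
        for attr in ATTR.finditer(tag.group(2)):
            value = next(g for g in attr.groups()[1:] if g is not None)
            if value.strip() == "":
                line = text.count("\n", 0, tag.start()) + 1
                findings.append((line, tag.group(1), tag.group(0)))
                break  # one finding per tag is enough
    return findings

def audit(files):
    """files maps file name -> content; only SSI-parsed extensions are checked."""
    report = {}
    for name, content in files.items():
        if name.lower().endswith(SSI_EXTENSIONS):
            hits = find_empty_ssi(content)
            if hits:
                report[name] = hits
    return report

# Constructed sample content, not taken from a real server.
SAMPLE = {
    "index.shtml": '<html>\n<!--#include file="header.html" -->\n'
                   '<!--#fsize= -->\n<!--#printenv -->\n</html>\n',
    "notes.html": '<!--#fsize= -->\n',          # not parsed for SSI, skipped
    "old.SHTM": '<p>size: <!--#fsize file="" --></p>\n',
}

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        for line, directive, tag in hits:
            print(f"{name}:{line}: empty argument in #{directive}: {tag}")
```

To audit a real document root, build the mapping from the files on disk and pass it to audit(); any hit should be fixed or removed before the file is served by version 2.01.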