Vulnerability Development mailing list archives

Denial of Service in Xitami webserver all versions up to v2.5b1 for Windows.

From: webmad () MAIL RU (Roman)
Date: Wed, 29 Mar 2000 19:37:07 +0200


Anyone can remotely crash Xitami webserver by sending simple GET
command. On remote side will be:

Assertion Failed!
Module: D:\Imatix\Develop\Smt\Smthttpl.c , line 745

All you need to do is just telnet to remote computer and execute
GET<space><enter><enter> command. Also Xitami will crash if you'll execute
POST<space><enter><enter> or HEAD<space><enter><enter> command.

There is another DoS in Xitami. By default installation Xitami
allows anonymous users on ftp. So connect to remote computer as
anonymous user and execute cd con/con command.
-----------------------------

romanv () citycat ru

Current thread:

Denial of Service in Xitami webserver all versions up to v2.5b1 for Windows. Roman (Mar 29)
- Re: Denial of Service in Xitami webserver all versions up to v2.5b1 for Windows. Mitch (Mar 30)