Vulnerability Development mailing list archives
Re: Denial of Service in Xitami webserver all versions up to v2.5b1 for Windows.
From: security () QUARK-XIII DEMON NL (Mitch)
Date: Fri, 31 Mar 2000 09:08:47 +0200
At 19:37 29-03-2000 , you wrote:
Anyone can remotely crash Xitami webserver by sending simple GET command. On remote side will be: Assertion Failed! Module: D:\Imatix\Develop\Smt\Smthttpl.c , line 745 All you need to do is just telnet to remote computer and execute GET<space><enter><enter> command. Also Xitami will crash if you'll execute POST<space><enter><enter> or HEAD<space><enter><enter> command. There is another DoS in Xitami. By default installation Xitami allows anonymous users on ftp. So connect to remote computer as anonymous user and execute cd con/con command. ----------------------------- romanv () citycat ru
Tried to bring it down from a remote account which failed, got std http error msg back. Version Xitami 2.4d1 on Winx, set up for this one on http 8080, without authorisation or ipmasks. Are you sure it ain't because you used a beta version? Or did you test some previous versions as well? Is it in the console or the std. version? Did you compile it yourself or did you get a precompiled version? Questions, questions... Cheers, Mitch.
Current thread:
- Denial of Service in Xitami webserver all versions up to v2.5b1 for Windows. Roman (Mar 29)
- Re: Denial of Service in Xitami webserver all versions up to v2.5b1 for Windows. Mitch (Mar 30)