Bugtraq mailing list archives

Re: IBM HTTP SERVER / APACHE (DoS)


From: hdm () SECUREAUSTIN COM (H D Moore)
Date: Thu, 1 Jun 2000 10:24:43 -0500


Hi,

While I was poking around looking for more vulnerabilities, I noticed
that sending a request like:

        GET /DIR/.../ HTTP/1.0

would give me the same response as GET /DIR/ HTTP/1.0
So I sent off a request that looked like this:

        GET /DIR/%2e%2e%2e%00%2e%2e HTTP/1.0

and the server told me /DIR/... was not found...
And finally I tried:
        
        GET /DIR/%2e%2f%2e%2e%2e HTTP/1.0

And the server simply crashed, burned, and stopped accepting
connections.  Whether the DoS was triggered by the earlier request
containing the null character or the single %2e%2f sequence is unknown.
Since I did not have access to the test machine's console, I don't know
what the impact besides the obvious DoS is...

Anyone running one of these and feel like playing?

-HD

http://www.secureaustin.com (spidermap/nlog/etc)

Marek Roy wrote:

I haven't seen any advisories for IBM HTTP SERVER running
Apache.

There is a crucial number of "/" (forward slash) you can
use to retrieve the contents of the root directory of this
particular Web Server.  Using this vulnerability, you can
retrieve any files or scripts running from that directory
and sub-directories.
[ snip ]
Marek Roy
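
A defensive screen for the request shapes described in the message above, as an added example that is not part of the original post: it percent-decodes the path of a request line and flags embedded NUL bytes, percent-encoded dots or separators, and segments made only of dots. The function name and finding labels are assumptions made here; because the post leaves the root cause unknown, the check flags the inputs and does not model the server bug.

```python
import re
from urllib.parse import unquote_to_bytes

# Percent-encoded '.', '/', '\' or NUL in the raw path. Ordinary clients
# have no reason to encode these characters.
ENCODED_SPECIAL = re.compile(r"%(2e|2f|5c|00)", re.IGNORECASE)
REQUEST_LINE = re.compile(r"^[A-Z]+ (?P<target>\S+) HTTP/\d\.\d$")
DOTS_ONLY = re.compile(rb"\.+")


def screen_request_line(line):
    """Return a sorted list of findings for one HTTP request line."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return ["malformed-request-line"]
    raw_path = m.group("target").split("?", 1)[0]
    findings = set()
    if ENCODED_SPECIAL.search(raw_path):
        findings.add("encoded-dot-slash-or-nul")
    decoded = unquote_to_bytes(raw_path)
    if b"\x00" in decoded:
        findings.add("nul-byte")
    # Split after decoding so %2f counts as a separator, and treat NUL as
    # one too, since a C string consumer would stop reading there.
    for segment in re.split(rb"[/\x00]", decoded):
        if DOTS_ONLY.fullmatch(segment):
            findings.add("dot-only-segment")
    return sorted(findings)


if __name__ == "__main__":
    # The request lines quoted in the post, plus the plain directory request.
    for req in (
        "GET /DIR/ HTTP/1.0",
        "GET /DIR/.../ HTTP/1.0",
        "GET /DIR/%2e%2e%2e%00%2e%2e HTTP/1.0",
        "GET /DIR/%2e%2f%2e%2e%2e HTTP/1.0",
    ):
        print(req, "->", screen_request_line(req) or "clean")
```

Run in front of the server or over stored request lines, any non-empty result marks a request worth rejecting or reviewing.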

