Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Vulnerabilites in SmallHTTP Server

From: Kotarac Ante <astral () 403-SECURITY ORG>
Date: Tue, 14 Nov 2000 14:14:41 -0000
403-security SECURITY ADVISORY

Product: SmallHTTPServer
Version: 2.01
Author: astral () 403-security org
Homepage: http://www.403-security.org
 
1st Problem:
By default if user send request without file name 
specified (http://host/subdirectory/) 
HTTPServer will look for index.html in that folder and 
if doesn't exist it will fill memory 
with 68K. Directory doesn't need to exist. So anyone 
can write a small program that sends
lot requests to fill out memory. (5000 request will fill 
300Mb of memory)
 
2nd Problem:
SmallHTTPServer supports 
ServerSidesIncludes.When HTTPServer finds SSI 
Tag that looks 
like this <!--#tag_name= <*EMPTY> --> it will crash. 
#tag_name can be any of supported 
(#fsize,#include,#printenv...). In order to execute SSI 
tags file must be *.shtm or *.shtml.
 
3rd Problem:
This insecure Server will crash if attacker sends out 
few GET, HEAD or POST requests and closes 
connection before Server
answered.
 

Exploit: Maybe ... but still everything is very easy to 
reproduce.
Fix: Vendor fixed this problem by issuing new version 
(2.03)
Previous By Date Next
Previous By Thread Next

Current thread: