4 New vulns. vWebServer and SmallHTTP

[Extirpater <extirpater () yahoo com>]

vWebServer v1.2.0 (Others?)
----------------------------
Tested system: vWebServer v1.2.0 running under
Microsoft Windows 98 (Homepage/Download @
www.vwebserver.com)

1- ASP file source disclosing:

Adding a unicoded space character at the end of
requested URL, vWebServer shows the ASP file instead
of executing it.

Example:
An example request looks this       
http://www.TargetHost.com/anything.asp%20



2- DOS device filename vulnerability:

Under Windows 9x, using any DOS device names (aux,
con, prn, ...) as a filename or directory crashes
Windows.
vWebServer doesn't filter those requests.

Below example crashes both web server and Windows with
a blue screen of death.

Example:
http://www.TargetHost.com/aux/aux


3- Very long URL vulnerability:

Requesting a very long URL (i tried 8192 bytes long)
will resulted in Error #5, File error.
After requesting 2-3 times the same URL, web server
will no longer response anything. Restart needed.

Example:
http://www.TargetHost.com/AAAAAAAAA...(Ax8192)...AAA


Vendor: Informed and confirmed.


SmallHTTP (All versions vulnerable: 2.x Stables,  3.x
Latest beta 8)
---------------------------------------------------------------------

Server crashes after sending very long URL a few
times.

Example:

GET /AAA...AAA (8192) HTTP/1.0
Accept: ...
Host: ...
.
.
.

Vendor: Informed and confirmed.

Credits: Melih SARICA (melihsar () yahoo com )
        Bilgiteks IT (msarica () bilgiteks com)



__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/