Bugtraq mailing list archives
4 New vulns. vWebServer and SmallHTTP
From: Extirpater <extirpater () yahoo com>
Date: Fri, 29 Jun 2001 13:01:21 -0700 (PDT)
vWebServer v1.2.0 (Others?)
----------------------------
Tested system: vWebServer v1.2.0 running under Microsoft Windows 98
(Homepage/Download @ www.vwebserver.com)

1- ASP file source disclosure:
Adding a URL-encoded space character (%20) at the end of the requested URL makes vWebServer show the ASP file instead of executing it.
Example: An example request looks like this:
http://www.TargetHost.com/anything.asp%20

2- DOS device filename vulnerability:
Under Windows 9x, using any DOS device name (aux, con, prn, ...) as a filename or directory crashes Windows. vWebServer doesn't filter those requests. The example below crashes both the web server and Windows with a blue screen of death.
Example:
http://www.TargetHost.com/aux/aux

3- Very long URL vulnerability:
Requesting a very long URL (I tried 8192 bytes long) results in Error #5, File error. After requesting the same URL 2-3 times, the web server no longer responds to anything. Restart needed.
Example:
http://www.TargetHost.com/AAAAAAAAA...(Ax8192)...AAA

Vendor: Informed and confirmed.

SmallHTTP (All versions vulnerable: 2.x Stables, 3.x Latest beta 8)
---------------------------------------------------------------------
Server crashes after sending a very long URL a few times.
Example:
GET /AAA...AAA (8192) HTTP/1.0
Accept: ...
Host: ...
. . .

Vendor: Informed and confirmed.

Credits:
Melih SARICA (melihsar () yahoo com)
Bilgiteks IT (msarica () bilgiteks com)
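
The three request classes reported above can be rejected before a path ever reaches the Windows filesystem layer. The following is an added example, not part of the original post or of either vendor's code: a front-end check whose name (check_target), length limit and sample targets are assumptions, and which generalizes the advisory's cases to the full set of reserved device names and to trailing dots, which Windows strips in the same way as trailing spaces.

```python
from urllib.parse import unquote, urlsplit

# Assumed policy limit; the advisory's test URLs were 8192 bytes long.
MAX_TARGET_BYTES = 2048

# Reserved DOS device names (the advisory names aux, con, prn).
DOS_DEVICES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)
}


def check_target(target: str) -> list[str]:
    """Return the reasons a request target should be rejected (empty = OK)."""
    if len(target.encode("utf-8", "replace")) > MAX_TARGET_BYTES:
        return ["too-long"]  # do not parse oversized input any further
    reasons = []
    # Decode first: the filesystem sees "anything.asp ", not "anything.asp%20".
    path = unquote(urlsplit(target).path)
    segments = [s for s in path.split("/") if s]
    for seg in segments:
        # A device name keeps its meaning with any extension or trailing
        # space, so "aux", "AUX.txt" and "aux " all refer to the device.
        stem = seg.split(".", 1)[0].rstrip(" ").upper()
        if stem in DOS_DEVICES:
            reasons.append("dos-device")
            break
    # A trailing space or dot is dropped by Windows when opening the file,
    # but defeats an extension lookup done on the raw string (".asp " != ".asp").
    if segments and segments[-1] != segments[-1].rstrip(" ."):
        reasons.append("trailing-space-or-dot")
    return reasons


if __name__ == "__main__":
    # Constructed sample targets mirroring the advisory's examples.
    samples = [
        "/anything.asp%20",
        "http://www.TargetHost.com/aux/aux",
        "/" + "A" * 8192,
        "/index.html",
    ]
    for t in samples:
        shown = t if len(t) < 50 else t[:20] + "...(%d bytes)" % len(t)
        print(f"{shown:45} -> {check_target(t) or 'ok'}")
```

The same function can be run over the request column of an access log to find hosts that have already sent such requests.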