Full Disclosure mailing list archives
Xeneo Web Server 2.2.9.0 Denial Of Service Vulnerability
From: "badpack3t" <badpack3t () security-protocols com>
Date: Mon, 21 Apr 2003 23:39:06 -0400 (EDT)
SP Research Labs Advisory x03
-----------------------------
www.security-protocols.com

Product - Xeneo Web Server 2.2.9.0
Download it here: http://www.northernsolutions.com/index.php?view=product&id=1

Date Released - 04/21/2003

Release Mode - Vendor was notified on 3/18/2003. Sent a few emails but never got any replies. So here it goes.

----------------------------
Product Description from the vendor -

Xeneo Web Server is designed to deliver high performance and reliability. It can be easily extended and customized to host everything from a personal web site to advanced web applications that use ASP, PHP, ColdFusion, Perl, CGI and ISAPI.

Key Xeneo Web Server features include: multiple domain support, integrated Windows authentication, scripting interface, enhanced filter support, ISAPI, CGI, ASP, SSL, intelligent file caching and more.

-----------------------------
Vulnerability Description -

To exploit this vulnerability, simply do a GET / with 4096 ?'s or more, which will cause the web server to go down. It is not exploitable at this point.

Tested on:
Windows XP Pro SP1
Windows 2000 SP3

-----------------------------
proof of concept is attached.

peace out,
badpack3t
www.security-protocols.com
------------------------------
Attachment: sp-xeneo.pl
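Added example, not part of the original advisory and not the attached sp-xeneo.pl: a detection and filtering check for the request shape the advisory describes, of the kind that could run over captured request lines or in a proxy in front of the server. The 4096 threshold comes from the advisory; the function names, the 2048-byte request-target cap and the sample request lines are assumptions constructed for illustration.

```python
import re

# Threshold from the advisory: a GET / carrying 4096 or more '?' characters.
QMARK_THRESHOLD = 4096
# Assumed proxy-side cap on the request-target; not a value from the advisory.
MAX_TARGET_LEN = 2048

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")

def classify(request_line):
    """Return (verdict, reason) for one HTTP request line."""
    m = REQUEST_LINE.match(request_line.rstrip("\r\n"))
    if m is None:
        return ("reject", "malformed request line")
    target = m.group("target")
    qmarks = target.count("?")
    if qmarks >= QMARK_THRESHOLD:
        # Matches the advisory's trigger condition: log it and drop it.
        return ("alert", f"{qmarks} '?' characters in request-target")
    if len(target) > MAX_TARGET_LEN:
        # Generic cap: a front end would answer 414 URI Too Long here.
        return ("reject", f"request-target is {len(target)} bytes")
    return ("pass", "ok")

def scan(lines):
    """Classify each line; return (1-based index, verdict, reason) for non-passing ones."""
    findings = []
    for n, line in enumerate(lines, 1):
        verdict, reason = classify(line)
        if verdict != "pass":
            findings.append((n, verdict, reason))
    return findings

# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /index.html HTTP/1.0",
    "GET /search?q=xeneo HTTP/1.1",
    "GET /" + "?" * 4096 + " HTTP/1.0",   # at the advisory's threshold
    "GET /" + "A" * 3000 + " HTTP/1.1",   # oversize, but no '?' flood
    "GET /" + "?" * 4095 + " HTTP/1.0",   # one below threshold, still oversize
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The length cap is what catches the request one character under the threshold, so the filter does not depend on the exact trigger length reported in the advisory.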