TUCoPS :: Web :: Servers :: worm2.htm

Worm HTTP Server v1.0 very long filename in URL DoS
Vulnerability

    Worm

Affected

    Worm HTTP Server v1.0

Description

    Following  is  based  on   a  Delphis  Consulting  Security   Team
    Advisories.   It  is  possible  to  cause  a  denial of service by
    passing a  very log  filename in  the url.   This causes  the Worm
    HTTP server  to crash  with a  'runtime error'  causeing denial of
    service.

    It is possible to traverse directories lower than the web root  by
    knowing  the  exact  path  and  filename  of  the file you wish to
    retrieve.  This  is done by  executing the double-dot-bug  similar
    to other web servers.

Solution

    Vendor is informed.  The  work around for the directory  traversal
    exploit will only work under WindowsNT.  Due to the fact that  the
    Worm HTTP server runs as  the useraccount which started it  allows
    you to  set appropriate  NTFS permissions  to limit  the files the
    webserver is able to access.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH