COMMAND

    DevWex Denial of Service and Directory traversal

SYSTEMS AFFECTED

    Seanox DevWex 1.2002.0520 Windows binary

PROBLEM

    Ueli Kistler [http://www.eclipse.fr.fm] found the following:

    DevWex is a small and flexible web server that runs as a standalone
    Win32 binary and as a Java application.

    Buffer-overflow problem
    -----------------------

    There is a buffer-overflow problem in the procedure that handles a GET
    command. Sending at least 258383 characters with a GET command will
    crash the server and make it inaccessible. This could perhaps allow an
    attacker to execute shellcode.

    Example: GET 258383xA+CRLF+CRLF

    Directory traversal
    -------------------

    An attacker can request a URL containing Windows path delimiters to
    break out of the document root of DevWex. This allows an attacker to
    download sensitive data.

    Example: GET /..\\..\\..\\..\\anyfile

SOLUTION

    Seanox has released a new version (1.2002.0601)
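The two issues above share a root cause: request input is trusted before it is bounded or normalized. The following is an added example (not DevWex's or Seanox's code) of the two server-side checks that close them: a request-line length limit applied before any parsing, and a path resolver that treats both "/" and "\" as separators, percent-decodes first, and refuses any path that would climb above the document root. The limit of 8192 bytes and the document root "/var/www/htdocs" are assumptions chosen for the example; the advisory only states the crash length.

```python
"""Hardening checks for oversized request lines and backslash path traversal.

Added example, not part of the advisory or of the DevWex code base.
"""
import urllib.parse

MAX_REQUEST_LINE = 8192         # assumed limit; the advisory gives only the crash length (258383)
DOC_ROOT = "/var/www/htdocs"    # constructed document root for the example


class RequestRejected(Exception):
    """Raised when a request fails one of the hardening checks."""


def check_request_line_length(line: bytes, limit: int = MAX_REQUEST_LINE) -> None:
    """Refuse oversized request lines before any parser copies them into a buffer."""
    if len(line) > limit:
        raise RequestRejected(f"request line too long ({len(line)} > {limit})")


def resolve_under_root(url_path: str, doc_root: str = DOC_ROOT) -> str:
    """Map a request path onto the document root, rejecting traversal.

    Both '/' and '\\' count as separators (the advisory's bypass uses
    backslashes), and the path is percent-decoded before inspection so
    encoded dots cannot slip past the check.
    """
    path = url_path.split("?", 1)[0]            # drop any query string
    path = urllib.parse.unquote(path)           # %2e%2e -> ..
    if "\x00" in path:
        raise RequestRejected("NUL byte in path")
    path = path.replace("\\", "/")              # Windows delimiter -> POSIX
    stack: list[str] = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:                       # would climb above the document root
                raise RequestRejected("path traversal attempt")
            stack.pop()
            continue
        stack.append(seg)
    return doc_root.rstrip("/") + "/" + "/".join(stack)


def handle_request_line(line: bytes) -> str:
    """Validate a raw request line and return the resolved filesystem path."""
    check_request_line_length(line)
    try:
        method, target, _version = line.decode("ascii").rstrip("\r\n").split(" ", 2)
    except (UnicodeDecodeError, ValueError) as exc:
        raise RequestRejected("malformed request line") from exc
    if method != "GET":
        raise RequestRejected(f"unsupported method {method}")
    return resolve_under_root(target)


def classify(line: bytes) -> tuple[str, str]:
    """Return ('ok', resolved_path) or ('rejected', reason) for a request line."""
    try:
        return ("ok", handle_request_line(line))
    except RequestRejected as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    # Constructed sample request lines, including the two shapes from the advisory.
    samples = [
        b"GET /index.html HTTP/1.0\r\n",
        b"GET /docs/../index.html HTTP/1.0\r\n",
        b"GET /..\\..\\..\\..\\anyfile HTTP/1.0\r\n",
        b"GET /%2e%2e/secret HTTP/1.0\r\n",
        b"GET " + b"A" * 258383 + b"\r\n",
    ]
    for sample in samples:
        verdict, detail = classify(sample)
        print(f"{verdict:8} {detail[:60]}  <- {sample[:40]!r}")
```

The length check runs first on the raw bytes so that nothing downstream ever sees an unbounded line; the resolver is purely lexical, so it never touches the filesystem and its decision does not depend on which files exist. A ".." that stays inside the root is allowed, while one that would pop past it is refused rather than silently clamped, which makes the rejection visible in logs.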