[19286] in bugtraq
NetSuite 1.02 web server vulnerabilty
daemon@ATHENA.MIT.EDU (Phiber)
Mon Feb 19 19:55:07 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
Message-ID: <002701c09ac1$3a9ce3e0$01000001@phiber>
Date: Mon, 19 Feb 2001 23:13:43 +0100
Reply-To: Phiber <phiber@xatrix.org>
From: Phiber <phiber@xatrix.org>
To: BUGTRAQ@SECURITYFOCUS.COM
Discovered by : Xatrix Security (17/02/2001)
http://www.xatrix.org
Vulnerable Server: Moby Netsuite Web Server
Infected Version: 1.02
Vendor Conacted: YES
~~~~~~~~~~~~~~~~~~~
Description:
- Moby Netsuite web server is free web server for win 9x/NT
which can be downloaded from http://www.mobydisk.com.
It supports CGI scripting and it is easly configurable.
Impact:
- By sending more than 200 charachters it can be crashed ...
(Windows kernel will report that NetSuite has caused an unknown error :)
Example:
www.SITE.com/ [ more than 200 a's]
Solution: Wait for new version of NeSuite web server or a patch.
[ EOF - 18/02/2001 ]
Regards,
-------------------------------------------
- Phiber
"Security is completly theoretical"
Xatrix Security, http://xatrix.org
