[20267] in bugtraq
Advisory for SimpleServer:WWW (analogX)
daemon@ATHENA.MIT.EDU (neme-dhc@HUSHMAIL.COM)
Tue Apr 17 14:32:50 2001
Content-type: multipart/mixed;
boundary="Hushpart_boundary_vDWeAzuLEvlKLAZVXAofqIOkEnmOcBEf"
Mime-version: 1.0
Message-ID: <200104171353.GAA25728@user7.hushmail.com>
Date: Tue, 17 Apr 2001 09:51:29 -0500
Reply-To: neme-dhc@HUSHMAIL.COM
From: neme-dhc@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--Hushpart_boundary_vDWeAzuLEvlKLAZVXAofqIOkEnmOcBEf
Content-type: text/plain
[ Advisory for SimpleServer:WWW (analogX) ]
[ SimpleServer:WWW is made by Analogx. Site: http://www.analogx.com ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
[ ADV-0103 ]
/-|=[explanation]=|-\
SimpleServer:WWW is a webserver. It has a simple denial of service problem.
/-|=[who is vulnerable]=|-\
Tested to be vulnerable:
SimpleServer:WWW v1.03
SimpleServer:WWW v1.05
SimpleServer:WWW v1.08
This only affects computers running Windows Millennium or Windows 98.
I assume any version between v1.03 and v.108 will be vulnerable to this
as well.
/-|=[testing it]=|-\
To test this vulnerability, try the following.
www.server.com/aux
Wait until you are sure this is sent to the server (timeout can take a while).
Then try to refresh www.server.com. It should be down.
/-|=[fix]=|-\
After notifying AnalogX about this bug a new version was released the
same day. Download version 1.13 to fix this problem. Thanks to Mark
for a extremely quick reply.
Free, encrypted, secure Web-based email at www.hushmail.com
--Hushpart_boundary_vDWeAzuLEvlKLAZVXAofqIOkEnmOcBEf--
