[20279] in bugtraq
Advisory for GoAhead Webserver v2.1
daemon@ATHENA.MIT.EDU (neme-dhc@HUSHMAIL.COM)
Tue Apr 17 16:29:39 2001
Content-type: multipart/mixed;
boundary="Hushpart_boundary_qovKgGqnemEeolhzMlRBMuNIxyQQDfav"
Mime-version: 1.0
Message-ID: <200104171352.GAA25610@user7.hushmail.com>
Date: Tue, 17 Apr 2001 09:50:09 -0500
Reply-To: neme-dhc@HUSHMAIL.COM
From: neme-dhc@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--Hushpart_boundary_qovKgGqnemEeolhzMlRBMuNIxyQQDfav
Content-type: text/plain
[ Advisory for GoAhead Webserver v2.1 ]
[ GoAhead Webserver is made by GoAhead. ]
[ Site: http://www.goahead.com ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
[ ADV-0104 ]
/-|=[explanation]=|-\
GoAhead is well, a webserver. It has a denial of
service.
/-|=[who is vulnerable]=|-\
Anyone running GoAhead Webserver v2.1 with Windows
9x/ME. I assume prior versions are vulnerable as
well.
/-|=[testing it]=|-\
To test this vulnerability, try the following.
send a request like this one:
GET /aux
then hit return twice.
It looks like everything is normal, but trying to
visit any page on the webserver is impossible.
/-|=[fix]=|-\
Not known at the moment: vendor did not reply.
Free, encrypted, secure Web-based email at www.hushmail.com
--Hushpart_boundary_qovKgGqnemEeolhzMlRBMuNIxyQQDfav--
