[24333] in bugtraq
ScriptEase MiniWeb Server DoS Vulnerability
daemon@ATHENA.MIT.EDU (Tamer Sahin)
Tue Feb 19 19:18:13 2002
Message-ID: <002301c1b97c$9bae01c0$9fb083d9@ts>
Reply-To: "Tamer Sahin" <ts@securityoffice.net>
From: "Tamer Sahin" <ts@securityoffice.net>
To: <bugtraq@securityfocus.com>
Date: Tue, 19 Feb 2002 21:35:05 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ScriptEase MiniWeb Server DoS Vulnerability
Type:
DoS, crashes Daemon
Release Date:
February 19, 2002
Product / Vendor:
The ScriptEase MiniWeb Server, written entirely in ScriptEase, is
being distributed free by Nombas. This server is not intended to
compete with commercial web servers, rather it is meant to allow you
to easily setup a personal web site and for testing page design and
CGI scripts.
http://www.nombas.com
Summary:
ScriptEase MiniWeb Server is subject to a denial of service.
Submitting a request of unusual length to the host will cause the
server to crash. A restart is required in order to gain normal
functionality.
http://host/AAAAAA...(Ax2000)...AAAAAA
Tested:
Windows 2000 / ScriptEase MiniWeb Server v0.95
Vulnerable:
ScriptEase MiniWeb Server v0.95 (And may be other)
Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.
Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPHKo57uLpFMrXtywEQKBbACgtrwUc1G8n0o4DIA/rdmSrYLFKHAAoJFY
pc1JjM45gP7RgcgW+HLkC+oP
=ALaR
-----END PGP SIGNATURE-----
