[27427] in bugtraq
Long URL causes TelCondex SimpleWebServer to crash
daemon@ATHENA.MIT.EDU (Marc Ruef)
Mon Oct 14 22:20:42 2002
Message-ID: <3DA96E62.F4CA6592@computec.ch>
Date: Sun, 13 Oct 2002 15:00:18 +0200
From: Marc Ruef <marc.ruef@computec.ch>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi!
I've found a vulnerability in TelCondex SimpleWebServer 2.06.20817 Build
3128 (tested on Windows XP Professional). It could be that prior
versions are also affected.
It's possible to crash the web server application with a long URL
(starting from 539 Chars)[1]. You'll see a popup message on the victims
host.
You have to restart the httpd service to get a running web server.
I've informed support@telcondex.de on 02/10/12 about the bug. After a
really friendly response[2] the new version 2.09 without the bug is
available at http://www.yourinfosystem.de/download.htm
Bye, Marc
[1] e.g. http://192.168.0.2/AAA[...]AAA
[2] We discussed the bug and it seems that the problem is in the 32 bit
command control for showing the URLs. In other words, every operating
system reacts in another way.
--
Computer, Technik und Security
http://www.computec.ch
