[33233] in bugtraq
Resources consumption in Reptile webserver daily version
daemon@ATHENA.MIT.EDU (Donato Ferrante)
Sat Jan 24 14:49:32 2004
Message-ID: <006801c3e2a1$55b679e0$72bb623e@BlueHell>
From: "Donato Ferrante" <fdonato@autistici.org>
To: <bugtraq@securityfocus.com>
Date: Sat, 24 Jan 2004 18:41:40 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Donato Ferrante
Application: Reptile Web Server
http://sourceforge.net/projects/reptilews
Version: daily version
Bug: resources consumption
Author: Donato Ferrante
e-mail: fdonato@autistici.org
web: www.autistici.org/fdonato
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Description
2. The bug
3. The code
4. The fix
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----------------
1. Description:
----------------
Vendor's Description:
"Reptile is a web server made in Python. It supports server side
scripting with "Embedded Python", PHP, and CGI scripts. It has an
integrated HTML/XML validator that checks the pages before publication
and others handy features."
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
2. The bug:
------------
The program doesn't well manage the user input string.
In fact it waits the HTTP version. So an attacker can consume a lot of
CPU resources, sending crafted strings.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------
3. The code:
-------------
To test the vulnerability simply send to the webserver some (about 10)
strings like:
GET index.htm
without specify the HTTP* at the end of the GET request, and where
the requested file must be avaible in the public_html directory.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
4. The fix:
------------
No fix.
Reptile Web Server is no more supported.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
