Web Server 4D/eCommerce 3.5.3 DoS Vulnerability

From: Tamer Sahin (tamer@ONAR.COM.TR)
Date: 01/14/02


Date:         Tue, 15 Jan 2002 00:41:01 +0200
From: Tamer Sahin <tamer@ONAR.COM.TR>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Web Server 4D/eCommerce 3.5.3 DoS Vulnerability

Type:
DoS, crashes Daemon

Release Date:
December 15, 2002

Product / Vendor:
Web Server 4D/eCommerce is a single application that includes a
shopping cart, credit card authorization, and order tracking - as
well as Web Server 4D 3.5 and WS4D/CGI.

http://www.mdg.com

Summary:
The server crashes after a very long URL is sent to it a few times.

http://host/AAAAAAAAA...(Ax2500)...AAA

Tested:
Windows 2000 / Web Server 4D/eCommerce 3.5.3

Vulnerable:
Web Server 4D/eCommerce 3.5.3 (and possibly others)

Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Authors:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

Zillion
zillion@safemode.org
http://www.safemode.org

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPENee7uLpFMrXtywEQJ5UwCdHi/weU2SNPg46xFBYTO/5ImKC8gAn3Mi
BayCZnxYrFBZgpXMrZJASc0u
=nDY4
-----END PGP SIGNATURE-----
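
Added example, not part of the original advisory or of the vendor's software: a log check that flags clients which repeatedly request overlong URLs, matching the condition in the Summary. It assumes access logs in Common Log Format from the server or a proxy in front of it; the 2048-character threshold, the repeat count and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: Common Log Format; the advisory does not say what the server logs.
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)"')
MAX_URI = 2048   # assumed threshold, below the ~2500-character URL in the advisory
MIN_HITS = 2     # "a few times": report only clients that repeat the request

def uri_of(request):
    """Return the target from 'METHOD target HTTP/x.y', tolerating truncated lines."""
    parts = request.split(" ")
    return parts[1] if len(parts) >= 2 else ""

def longest_run(s):
    """Length of the longest run of one repeated character (filler-style padding)."""
    best = run = 0
    prev = None
    for ch in s:
        run = run + 1 if ch == prev else 1
        prev = ch
        best = max(best, run)
    return best

def find_overlong(lines, max_uri=MAX_URI, min_hits=MIN_HITS):
    """Map client -> [(timestamp, uri_length, longest_run)] for repeated overlong URIs."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        uri = uri_of(m.group("request"))
        if len(uri) > max_uri:
            hits[m.group("client")].append((m.group("ts"), len(uri), longest_run(uri)))
    return {c: h for c, h in hits.items() if len(h) >= min_hits}

# Constructed sample log lines (not from a real server).
SAMPLE = [
    '192.0.2.10 - - [15/Jan/2002:00:40:01 +0200] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [15/Jan/2002:00:40:05 +0200] "GET /' + "A" * 2500 + ' HTTP/1.0" - 0',
    '198.51.100.5 - - [15/Jan/2002:00:40:06 +0200] "GET /search?q=' + "ab" * 1100 + ' HTTP/1.0" 200 90',
    '192.0.2.77 - - [15/Jan/2002:00:40:07 +0200] "GET /' + "A" * 2500 + ' HTTP/1.0" - 0',
    '192.0.2.77 - - [15/Jan/2002:00:40:09 +0200] "GET /' + "A" * 2500 + ' HTTP/1.0" - 0',
]

if __name__ == "__main__":
    for client, events in find_overlong(SAMPLE).items():
        print(client, len(events), "overlong requests, max length", max(e[1] for e in events))
```

The longest-run figure helps separate padding-style requests from legitimately long query strings, which rarely repeat one character thousands of times.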