ScriptEase MiniWeb Server DoS Vulnerability

From: Tamer Sahin (ts@SECURITYOFFICE.NET)
Date: 02/19/02 

Date:         Wed, 20 Feb 2002 00:56:14 +0200
From: Tamer Sahin <ts@SECURITYOFFICE.NET>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ScriptEase MiniWeb Server DoS Vulnerability

Type:

DoS, crashes Daemon

Release Date:

February 19, 2002

Product / Vendor:

The ScriptEase MiniWeb Server, written entirely in ScriptEase, is
being distributed free by Nombas. This server is not intended to
compete with commercial web servers, rather it is meant to allow you
to easily setup a personal web site and for testing page design and
CGI scripts.

http://www.nombas.com

Summary:

ScriptEase MiniWeb Server is subject to a denial of service.
Submitting a request of unusual length to the host will cause the
server to crash. A restart is required in order to gain normal
functionality.

http://host/AAAAAA...(Ax2000)...AAAAAA

Tested:

Windows 2000 / ScriptEase MiniWeb Server v0.95

Vulnerable:

ScriptEase MiniWeb Server v0.95 (And may be other)

Disclaimer:

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:

Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPHLYDLuLpFMrXtywEQLIngCghZ3zpSNCTDxB1J6jWESemMbJ5GUAoJhn
PQRi7sufuLCmbOvZyPQlU5c5
=CqVz
-----END PGP SIGNATURE-----

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper

Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

Relevant Pages

  • Alert: Release of MS02-008 Security Bulletin - MSXML
    ... Microsoft rates this issue as Moderate for Internet/Intranet services, ... Stop hassling with half-baked ENTERPRISE SECURITY. ... FREE White Paper shows you how to ensure TOTAL security for your Internet ... perimeter with the most current and most complete PROACTIVE Vulnerability ...
    (NT-Bugtraq)
  • Alert: Release of MS02-007 Security Bulletin - MS SQL 7.0 and OLE DB providers
    ... Microsoft have released a new security bulletin addressing, seemingly, ... Go Beyond PARTIAL Security: FREE White Paper ... FREE White Paper shows you how to ensure TOTAL security for your Internet ... perimeter with the most current and most complete PROACTIVE Vulnerability ...
    (NT-Bugtraq)
  • [NT] ScriptEase MiniWeb Server DoS
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The ScriptEase MiniWeb Server was written entirely in ScriptEase, ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability
    ... Essentia Web Server Directory Traversal Vulnerability ... Go Beyond PARTIAL Security: FREE White Paper ... FREE White Paper shows you how to ensure TOTAL security for your Internet ...
    (NT-Bugtraq)
  • Alert: Release of MS02-009 Security Bulletin - Cross-domain VBScripting
    ... Vulnerability allows VBScript launched in one frame, ... Stop hassling with half-baked ENTERPRISE SECURITY. ... FREE White Paper shows you how to ensure TOTAL security for your Internet ... perimeter with the most current and most complete PROACTIVE Vulnerability ...
    (NT-Bugtraq)