SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability

From: Tamer Sahin (tamer@ONAR.COM.TR)
Date: 02/22/02

Previous message: Tamer Sahin: "SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Fri, 22 Feb 2002 22:16:16 +0200
From: Tamer Sahin <tamer@ONAR.COM.TR>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Essentia Web Server DoS Vulnerability

Type:

DoS, crashes Daemon

Release Date:

February 22, 2002

Product / Vendor:

The Essentia Web Server provides Enhanced Web Application and
Communication Services. Whether you are setting up a simple Web Site
on your Corporate Intranet or creating large sites for the Internet,
Essentia provides a simple and flexible way to make an even stronger
Web and Applications Platform.

http://www.essencomp.com/

Summary:

Essentia Web Server is subject to a denial of service. Submitting a
request of unusual length to the host will cause the server to crash.
A restart is required in order to gain normal functionality.

http://host/AAAAAA...(Ax2000)...AAAAAA

Tested:

Windows 2000 / Essentia Web Server 2.1

Vulnerable:

Essentia Webserver 2.1 (And may be other.)

Disclaimer:

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:

Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPHanD7uLpFMrXtywEQIt0wCfe1HlfeyLQgHnrdIzjSUbailTpGIAn2tV
UPrlW2lSsEyTTVG2xrcyX6Tw
=KZG/
-----END PGP SIGNATURE-----

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper

Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

Previous message: Tamer Sahin: "SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[NT] Essentia Web Server DoS Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Essentia Web Server provides Enhanced Web ... product allows attackers to cause the server to crash effectively causing ... Essentia Web Server DoS Vulnerability ...
(Securiteam)
SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability
... Essentia Web Server Directory Traversal Vulnerability ... Go Beyond PARTIAL Security: FREE White Paper ... FREE White Paper shows you how to ensure TOTAL security for your Internet ...
(NT-Bugtraq)
[EXPL] Essentia Web Server Exploit Code Released
... Beyond Security in Canada ... The Essentia Web Server provides Enhanced Web Application and ... // Build buf memset ); ptr = buf; strcat; ... strcat; ...
(Securiteam)
SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
... Thank you for evaluating the trial version of Essentia Web Server. ... The Security problems pointed by you as well as some minor updates ... Do you have 128-bit SSL encryption server security? ... Get VeriSign's FREE Guide, "Securing Your Web Site for Business," and learn ...
(NT-Bugtraq)
SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability
... Essentia Web Server DoS Vulnerability ... Communication Services. ...
(Bugtraq)