[NT] Long URL causes TelCondex SimpleWebServer to crash
From: support@securiteam.com
Date: 10/15/02
From: support@securiteam.com To: list@securiteam.com Date: 15 Oct 2002 04:08:44 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Long URL causes TelCondex SimpleWebServer to crash
------------------------------------------------------------------------
SUMMARY
TelCondex's SimpleWebServer
(<http://www.telcondex.de/hlpswebsvr/aa_inhalt.htm>) has been found to
contain a security vulnerability that allows remote attackers to crash the
product by requesting an arbitrarily long URL from it.
DETAILS
Vulnerable systems:
* TelCondex SimpleWebServer 2.06.20817 Build 3128
Immune systems:
* TelCondex SimpleWebServer 2.09
It is possible to crash the web server application with a long URL
(starting from 539 characters).
Example:
http://192.168.0.2/AAA[...]AAA
Vendor status:
Marc informed support@telcondex.de about the bug on 02/10/12 and received a
really friendly response:
"We discussed the bug and it seems that the problem is in the 32 bit
command control for showing the URLs. In other words, every operating
system reacts in another way."
The new version 2.09 without the bug is available at
<http://www.yourinfosystem.de/download.htm>.
ADDITIONAL INFORMATION
The information has been provided by Marc Ruef
<mailto:marc.ruef@computec.ch>.
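For defenders reviewing web server access logs for this condition, the following added example (not part of the original advisory and not vendor code) flags requests whose URI reaches the 539-character threshold stated under DETAILS. The Common Log Format input, the sample lines and the function names are assumptions constructed for illustration, and the threshold is applied to the request URI as it appears in the log.

```python
import re

# Threshold from the advisory: crashes were reported starting at 539 characters.
URL_LIMIT = 539

# Common Log Format: client, identity, user, [timestamp], "METHOD URI PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)(?: (?P<proto>[^"]*))?" (?P<status>\d{3}|-)'
)

def longest_run(s):
    """Length of the longest run of one repeated character (padding such as AAA...)."""
    best = cur = 0
    prev = None
    for ch in s:
        cur = cur + 1 if ch == prev else 1
        prev = ch
        best = max(best, cur)
    return best

def find_long_urls(lines, limit=URL_LIMIT):
    """Return one finding per log line whose request URI has at least `limit` characters."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skipped here, worth counting in production
        uri = m.group("uri")
        if len(uri) >= limit:
            findings.append({
                "line": n,
                "client": m.group("ip"),
                "status": m.group("status"),  # "-" means no status was logged
                "uri_len": len(uri),
                "padding_run": longest_run(uri),
            })
    return findings

# Constructed sample log lines (not taken from the advisory).
SAMPLE = [
    '192.168.0.7 - - [15/Oct/2002:04:01:10 +0200] "GET /index.htm HTTP/1.0" 200 1043',
    '192.168.0.9 - - [15/Oct/2002:04:02:31 +0200] "GET /' + "A" * 538 + ' HTTP/1.0" - -',
    '192.168.0.7 - - [15/Oct/2002:04:03:02 +0200] "GET /' + "a/b" * 100 + ' HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for finding in find_long_urls(SAMPLE):
        print(finding)
```

A long URI followed by a missing status or a gap in subsequent log entries is the pattern to correlate with service restarts on hosts still running a vulnerable build.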