[NT] TinyWeb Server Denial of Service Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 10/09/03
- Previous message: SecuriTeam: "[TOOL] Opcode Finder (In Memory)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 9 Oct 2003 17:39:56 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
TinyWeb Server Denial of Service Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.ritlabs.com/tinyweb/> TinyWeb is "extremely small (executable
file size is 53K), simple (no configuration other than through the command
line) and fast (consumes minimum of system resources) Win32 daemon for
regular (TCP/http) and secure (SSL/TLS/https) web servers".
A vulnerability in the product allows remote attackers to cause the server
to crash by sending it a special request.
DETAILS
Vulnerable systems:
* TinyWeb version 1.9
A remote user can issue an HTTP GET request for /cgi-bin/.%00./dddd.html
and cause the server consume large amounts of CPU time (88%-92%).
ADDITIONAL INFORMATION
The information has been provided by <mailto:vulncode@yahoo.com> Ziv
Kamir.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[TOOL] Opcode Finder (In Memory)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NT] SMSGate Denial of Service
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... A vulnerability in the
way SMSGate handles incoming HTTP ... When a too big HTTP Content-Length value is received,
the server tries to ... (Securiteam) - [NT] Directory Traversal Exploit in SD Server
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... SD Server is very
easy to install, ... In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam) - [NEWS] SCI Photo Chat Server Cross Site Scripting
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... chat server that
supports multimedia pictures, sounds, or even videos. ... (Securiteam) - [UNIX] PrimeBase SQL Database Server Clear Text Password Storage
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The PrimeBase SQL Database
Server stores ... Administrator password during installation. ... (Securiteam) - [NT] Fastream NETFile FTP/WebServer CSS Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Fastream NETFile Server
... In no event shall we be liable for any damages whatsoever including direct, indirect,
incidental, consequential, loss of business profits or special damages. ... (Securiteam)
