[NT] Plug and Play Web Server '/asdf.?' DoS

• Previous message: SecuriTeam: "[NT] BRS WebWeaver User-Agent DoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 5 Nov 2003 18:31:59 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

  Plug and Play Web Server '/asdf.?' DoS
------------------------------------------------------------------------

SUMMARY

 <http://www.pandpsoft.com> Plug and Play server is a HTTP / FTP / NEWS /
MAIL / TELNET / DNS / DHCP / HTTP-PROXY server, running on top of the
Windows platforms. The product has been found to contain a vulnerability
that allows remote attackers to cause the HTTP Proxy to no longer respond
to legitimate requests by sending it a malformed HTTP request.

DETAILS

Vulnerable systems:
 * Plug and Play Web Server version 1.0002c

Sending the following request "GET /asdf.? HTTP/1.0" to TCP Port 8080 will
stop the Proxy Service, showing a "Runtime Error 12001 - Parameter 1 of
the method used is invalid or not appropriate" on the console.

ADDITIONAL INFORMATION

The information has been provided by <mailto:Oliver.Karow@gmx.de> Oliver
Karow.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[NT] BRS WebWeaver User-Agent DoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

• [TOOL] Metacortex - PacketFilter GUI
  ... The following security advisory is sent to the securiteam mailing list, and can be
  found at the SecuriTeam web site: http://www.securiteam.com ... The information in this
  bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be
  liable for any damages whatsoever including direct, indirect, incidental, consequential, loss
  of business profits or special damages. ... (Securiteam)
• [NEWS] MyServer DoS (Long GET request)
  ... The following security advisory is sent to the securiteam mailing list, and can be
  found at the SecuriTeam web site: http://www.securiteam.com ... The information in this
  bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be
  liable for any damages whatsoever including direct, indirect, incidental, consequential, loss
  of business profits or special damages. ... (Securiteam)
• [UNIX] Cross Site Scripting in Moodle
  ... The following security advisory is sent to the securiteam mailing list, and can be
  found at the SecuriTeam web site: http://www.securiteam.com ... The information in this
  bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be
  liable for any damages whatsoever including direct, indirect, incidental, consequential, loss
  of business profits or special damages. ... (Securiteam)
• [UNIX] osCommerces File Manager Arbitrary File Disclosure
  ... The following security advisory is sent to the securiteam mailing list, and can be
  found at the SecuriTeam web site: http://www.securiteam.com ... The information in this
  bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be
  liable for any damages whatsoever including direct, indirect, incidental, consequential, loss
  of business profits or special damages. ... (Securiteam)
• [TOOL] Aanval - Web Based Snort Console
  ... The following security advisory is sent to the securiteam mailing list, and can be
  found at the SecuriTeam web site: http://www.securiteam.com ... The information in this
  bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be
  liable for any damages whatsoever including direct, indirect, incidental, consequential, loss
  of business profits or special damages. ... (Securiteam)