[NT] Plug and Play Web Server '/asdf.?' DoS

From: SecuriTeam (support_at_securiteam.com)
Date: 11/05/03

  • Next message: SecuriTeam: "[NT] BEA Tuxedo Administration CGI Multiple Argument Issues"
    To: list@securiteam.com
    Date: 5 Nov 2003 18:31:59 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Plug and Play Web Server '/asdf.?' DoS
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.pandpsoft.com> Plug and Play server is a HTTP / FTP / NEWS /
    MAIL / TELNET / DNS / DHCP / HTTP-PROXY server, running on top of the
    Windows platforms. The product has been found to contain a vulnerability
    that allows remote attackers to cause the HTTP Proxy to no longer respond
    to legitimate requests by sending it a malformed HTTP request.

    DETAILS

    Vulnerable systems:
     * Plug and Play Web Server version 1.0002c

    Sending the following request "GET /asdf.? HTTP/1.0" to TCP Port 8080 will
    stop the Proxy Service, showing a "Runtime Error 12001 - Parameter 1 of
    the method used is invalid or not appropriate" on the console.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:Oliver.Karow@gmx.de> Oliver
    Karow.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: SecuriTeam: "[NT] BEA Tuxedo Administration CGI Multiple Argument Issues"

    Relevant Pages

    • [TOOL] Metacortex - PacketFilter GUI
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [UNIX] osCommerces File Manager Arbitrary File Disclosure
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [TOOL] Aanval - Web Based Snort Console
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [NEWS] MyServer DoS (Long GET request)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [UNIX] Cross Site Scripting in Moodle
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)