[VulnWatch] MS-DOS Device Name Denial Of Service Vulnerability in Abyss Web Server X1 for Windows
From: R00tCr4ck (root_at_cyberspy.org)
Date: 10/20/04
Date: Wed, 20 Oct 2004 14:36:33 +0000
To: bugtraq@securityfocus.com, vuln@secunia.com, bugs@securitytracker.com, vulnwatch@vulnwatch.org
#####################################
# CHT Security Research Center-2004 #
# http://www.CyberSpy.Org #
# Turkey #
#####################################
Software:
Abyss Web Server X1 for Windows
Web Site:
http://www.aprelium.com/
Affected Version(s):
X1
Description:
Abyss Web Server X1 is a free personal web server available for Windows, MacOS
X, Linux, and FreeBSD operating systems.
Official Description from the web site:
"Abyss Web Server is based on the APX architecture.
APX, which stands for Anti-crash Protection eXtension, was created, here at
Aprelium, to make the server crash-proof.
If it happens that the software causes a critical error and crashes (which is by
the way very improbable),
a report will be generated if possible and the server is automatically
restarted.
The downtime in such a case won't last more than 1 second!
Anti-crash protection system guarantees 100% uptime!"
There is an MS-DOS device name denial-of-service vulnerability in Abyss Web
Server X1 for Windows:
It is possible to remotely crash a system running Abyss Web Server X1 by
submitting URL requests for an MS-DOS device name such as con, prn, or aux
in the cgi-bin folder (the cgi-bin directory comes with the default
installation). A restart of the server service is required in order to restore
normal functionality.
Example:
http://[victim]/cgi-bin/prn
----
Reported by R00tCr4ck on October 20, 2004
root(at)CyberSpy.Org
Original article can be found at: http://www.CyberSpy.Org
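
A request-path check that a server or front-end filter can apply before a path reaches the Windows file system, covering the device-name requests described above. This is an added example, not code from the advisory or from Aprelium; the function names and sample paths are constructed for illustration, and the reserved-name set is assumed to be the classic DOS list (CON, PRN, AUX, NUL, COM1-9, LPT1-9).

```python
# Added example (not from the advisory): refuse URL paths that name a DOS device.
import re
from urllib.parse import unquote

# Classic reserved device names; assumed sufficient for this illustration.
RESERVED = {"CON", "PRN", "AUX", "NUL"}
RESERVED |= {f"COM{i}" for i in range(1, 10)} | {f"LPT{i}" for i in range(1, 10)}


def is_device_segment(segment: str) -> bool:
    """True if Windows would resolve this single path segment to a device."""
    # Trailing dots and spaces are ignored by Windows: "prn." and "prn " are PRN.
    name = segment.rstrip(". ")
    # An extension or stream suffix does not change the match: "aux.txt", "con:".
    stem = re.split(r"[.:]", name, maxsplit=1)[0].rstrip()
    return stem.upper() in RESERVED


def is_device_request(raw_path: str) -> bool:
    """Check a raw, still percent-encoded request path such as '/cgi-bin/prn'."""
    path = raw_path.split("?", 1)[0]          # the query string is not a file name
    decoded = unquote(path)                   # so "%70rn" is seen as "prn"
    segments = re.split(r"[/\\]", decoded)    # accept both separator styles
    return any(is_device_segment(s) for s in segments if s)


def rejected(paths):
    """Return the subset of request paths a filter should refuse."""
    return [p for p in paths if is_device_request(p)]


if __name__ == "__main__":
    # Constructed sample request paths, not taken from real logs.
    samples = ["/cgi-bin/prn", "/cgi-bin/AUX.txt", "/cgi-bin/%63on",
               "/cgi-bin/print.cgi", "/index.html", "/cgi-bin/com1."]
    for p in samples:
        print("REJECT" if is_device_request(p) else "allow ", p)
```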