Resources consumption in Reptile webserver daily version

From: Donato Ferrante (fdonato_at_autistici.org)
Date: 01/24/04

Next message: opticfiber: "Re: [work] Re: Major hack attack on the U.S. Senate"

Previous message: Dinesh Nair: "Re: Major hack attack on the U.S. Senate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <bugtraq@securityfocus.com>
Date: Sat, 24 Jan 2004 18:41:40 +0100

Donato Ferrante

Application: Reptile Web Server
http://sourceforge.net/projects/reptilews

Version: daily version

Bug: resources consumption

Author: Donato Ferrante
e-mail: fdonato@autistici.org
web: www.autistici.org/fdonato

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Reptile is a web server made in Python. It supports server side
scripting with "Embedded Python", PHP, and CGI scripts. It has an
integrated HTML/XML validator that checks the pages before publication
and others handy features."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The program doesn't well manage the user input string.
In fact it waits the HTTP version. So an attacker can consume a lot of
CPU resources, sending crafted strings.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability simply send to the webserver some (about 10)
strings like:

GET index.htm

without specify the HTTP* at the end of the GET request, and where
the requested file must be avaible in the public_html directory.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

No fix.
Reptile Web Server is no more supported.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Next message: opticfiber: "Re: [work] Re: Major hack attack on the U.S. Senate"

Previous message: Dinesh Nair: "Re: Major hack attack on the U.S. Senate"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Remote Buffer Overflow in PSOProxy 0.91
... The bug ... The fix ... "PSOProxy is a web server application designed to work with the ... The server is not able to manage big input strings. ...
(Bugtraq)
Denial Of Service in Vizer Web Server 1.9.1
... The bug ... The fix ... "Vizer is an open source web server written in Visual Basic." ... (without specifying GET and HTTP) ...
(Bugtraq)
Denial of Service in Monkey httpd <= 0.8.1
... Bug ... Fix ... From the Monkey httpd's website: ... "Monkey is a Web server written in C that works under Linux. ...
(Bugtraq)
Moozatech: MyServer Buffer Overflow vulnerability
... Application: MyServer Web Server ... Fix Available: Yes ... About Moozatech ...
(Vuln-Dev)
Moozatech: MyServer Buffer Overflow vulnerability
... Application: MyServer Web Server ... Fix Available: Yes ... About Moozatech ...
(Bugtraq)

www.derkeiler.com > Mailing-Lists > securityfocus > bugtraq > 2004-01