Small HTTP Server Can Be Crashed By Remote Users
|
|
SecurityTracker Alert ID: 1001427 |
|
SecurityTracker URL: http://securitytracker.com/id/1001427
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 25 2001
|
Impact:
Denial of service via network
|
|
Version(s): v2.03; possibly others
|
Description:
A notice was issued for Small HTTP Server warning that remote users can cause the server to crash by requesting a specially formatted URL.
If a remote user requests a certain DOS device, the server will crash, requiring the host to be rebooted.
The following URL will reportedly crash the server:
http://[targethost]/aux
|
Impact:
A remote user can cause the server to crash, requiring the host to be rebooted.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: home.lanck.net/mf/srv/index.htm (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
Windows (Me), Windows (95), Windows (98)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 24 Apr 2001 08:15:33 -0500
Subject: Advisory for Small HTTP Server
|
--Hushpart_boundary_vDhgjDBWJUVfCYcWrvjThISZMNSTfruN
Content-type: text/plain
[ Advisory for Small HTTP Server v2.03 ]
[ Site: http://feokt.spb.ru ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
[ ADV-0111 ]
/-|=[explanation]=|-\
Small HTTP Server is a webserver. It has a simple
denial of service.
/-|=[who is vulnerable]=|-\
Anyone running Small HTTP Server v2.03 and
presumably older versions on Windows 98/ME.
/-|=[testing it]=|-\
To test this vulnerability, try the following.
www.server.com/aux
It should crash the whole computer requiring a
reboot.
/-|=[fix]=|-\
Not known at the moment: vendor did not respond.
Free, encrypted, secure Web-based email at www.hushmail.com
--Hushpart_boundary_vDhgjDBWJUVfCYcWrvjThISZMNSTfruN--
|
|
