SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   ScriptEase Mini WebServer Vendors:   Nombas, Inc.
ScriptEase Mini WebServer Can Be Crashed By Remote Users Sending Long HTTP Requests
SecurityTracker Alert ID:  1003598
SecurityTracker URL:  http://securitytracker.com/id/1003598
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 19 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 0.95, possibly others
Description:   SecurityOffice.net reported a denial of service vulnerability in the ScriptEase Mini WebServer. A remote user can crash the web services.

It is reported that a remote user can submit a long HTTP request to cause the web server to crash. The following type of URL will reportedly trigger the flaw:

http://[targethost]/AAAAAA...(Ax2000)...AAAAAA

A restart is required in order to regain normal functionality.

Impact:   A remote user can crash the web services. A restart is required to return the web services to normal operations.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.nombas.com/us/download/ndownload.htm (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Any)
Underlying OS Comments:  Tested on Windows 2000

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Additional Exploit Methods Are Provided) Re: ScriptEase Mini WebServer Can Be Crashed By Remote Users Sending Long HTTP Requests
A user has submitted some additional denial of service methods.



 Source Message Contents

Subject:  ScriptEase MiniWeb Server DoS Vulnerability


ScriptEase MiniWeb Server DoS Vulnerability

Type

DoS, crashes Daemon

Release Date

February 19, 2002

Product / Vendor

The ScriptEase MiniWeb Server, written entirely in ScriptEase, is being
distributed free by Nombas. This server is not intended to compete with
commercial web servers, rather it is meant to allow you to easily setup
a personal web site and for testing page design and CGI scripts.

http://www.nombas.com

Summary

ScriptEase MiniWeb Server is subject to a denial of service. Submitting
a request of unusual length to the host will cause the server to crash.
A restart is required in order to gain normal functionality.

http://host/AAAAAA...(Ax2000)...AAAAAA

Tested

Windows 2000 / ScriptEase MiniWeb Server v0.95

Vulnerable

ScriptEase MiniWeb Server v0.95 (And may be other)

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on this
security advisory.

Author

Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC