SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Twilight Utilities Web Server Vendors:   Twilight Utilities
(Vendor Issues Fix) Re: Twilight Utilities Web Server Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1007185
SecurityTracker URL:  http://securitytracker.com/id/1007185
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 14 2003
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.3.4
Description:   A vulnerability was reported in the Twilight Utilities Web Server. A remote user can cause the web server to crash.

Security-Protocols Research Labs reported that a remote user can send a specially crafted HTTP GET request to cause the web service to crash. According to the report, a GET / followed with 4096 characters can trigger the flaw.

A demonstration exploit script is provided in the Source Message

Impact:   A remote user can cause the web service to crash.
Solution:   A fixed version (1.3.4) is available from the vendor.
Vendor URL:  www.twilightutilities.com/WebServer.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 16 2003 Twilight Utilities Web Server Can Be Crashed By Remote Users



 Source Message Contents

Subject:  Re: Web Server fix? (for earlier vulnerability)


 > I've tested the server against all the exposed attacks and patched
 > up to 1.3.4.

 > http://www.twilightutilities.com/




 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC