[ Advisory for SimpleServer:WWW (analogX) ] [ SimpleServer:WWW is made by Analogx. Site: http://www.analogx.com ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - neme-dhcat_private) ] [ ADV-0103 ] /-|=[explanation]=|-\ SimpleServer:WWW is a webserver. It has a simple denial of service problem. /-|=[who is vulnerable]=|-\ Tested to be vulnerable: SimpleServer:WWW v1.03 SimpleServer:WWW v1.05 SimpleServer:WWW v1.08 This only affects computers running Windows Millennium or Windows 98. I assume any version between v1.03 and v.108 will be vulnerable to this as well. /-|=[testing it]=|-\ To test this vulnerability, try the following. www.server.com/aux Wait until you are sure this is sent to the server (timeout can take a while). Then try to refresh www.server.com. It should be down. /-|=[fix]=|-\ After notifying AnalogX about this bug a new version was released the same day. Download version 1.13 to fix this problem. Thanks to Mark for a extremely quick reply. Free, encrypted, secure Web-based email at www.hushmail.com
This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 12:24:56 PDT