Hi! I found a security bug in the "My Web Server 1.0.2 [Build 03.27.02]" (tested on Windows XP Professional). It could be that prior version are also affected. It's possible to crash the webserver with a very long request like this[1]: http://192.168.0.2/AAA...(approx. Ax994)...AAA Sometimes the "My Webserver V1.0 Control Panel" disappears immediately, sometimes with an error message (it seems to depend on the lenght of the request), and the whole web server part shuts down (no http listening anymore). You have to restart the "My Webserver" to get a running web server. I've informed infoat_private at 02/10/11 about the problem and they acknowledged the vulnerability. It would be a good idea the implement in an upcoming version an input check to cut long requests. Seth Snyder replied, that he'll add such a feature as soon as possible. Bye, Marc [1] It could be that the CodeRed worm crashes a web server running the vulnerable "My Web Server". Also some CGI scanners (e.g. N-Stealth by Felipe Moniz) check such long requests. But it's easy to detect very long http requests with an intrusion detection system. -- Computer, Technik und Security http://www.computec.ch
This archive was generated by hypermail 2b30 : Sat Oct 12 2002 - 16:10:45 PDT