Hi! I've found a vulnerability in TelCondex SimpleWebServer 2.06.20817 Build 3128 (tested on Windows XP Professional). It could be that prior versions are also affected. It's possible to crash the web server application with a long URL (starting from 539 Chars)[1]. You'll see a popup message on the victims host. You have to restart the httpd service to get a running web server. I've informed supportat_private on 02/10/12 about the bug. After a really friendly response[2] the new version 2.09 without the bug is available at http://www.yourinfosystem.de/download.htm Bye, Marc [1] e.g. http://192.168.0.2/AAA[...]AAA [2] We discussed the bug and it seems that the problem is in the 32 bit command control for showing the URLs. In other words, every operating system reacts in another way. -- Computer, Technik und Security http://www.computec.ch
This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 19:19:49 PDT