#####################################
# CHT Security Research Center-2004 #
# http://www.CyberSpy.Org           #
# Turkey                            #
#####################################

Software: Abyss Web Server X1 for Windows
Web Site: http://www.aprelium.com/
Affected Version(s): X1

Description: Abyss Web Server X1 is a free personal web server available for Windows, MacOS X, Linux, and FreeBSD operating systems.

Official Description from the web site:
"Abyss Web Server is based on the APX architecture. APX, which stands for Anti-crash Protection eXtension, was created, here at Aprelium, to make the server crash-proof. If it happens that the software causes a critical error and crashes (which is by the way very improbable), a report will be generated if possible and the server is automatically restarted. The downtime in such a case won't last more than 1 second! Anti-crash protection system guarantees 100% uptime!"

There is an MS-DOS device name denial-of-service vulnerability in Abyss Web Server X1 for Windows:

It is possible to remotely crash a system running Abyss Web Server X1 by submitting URL requests for an MS-DOS device name such as con, prn, aux in the cgi-bin folder (the cgi-bin directory comes with the default installation). A restart of the server service is required in order to regain normal functionality.

Example:
http://[victim]/cgi-bin/prn

----
Reported by R00tCr4ck on October 20, 2004
root(at)CyberSpy.Org

Original article can be found at: http://www.CyberSpy.Org
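
Added example (not part of the original advisory and not Aprelium's code): a Python check that a front-end filter or a log review could use to spot request paths containing an MS-DOS device name. It generalizes beyond con, prn and aux to the standard Windows reserved-name list; the function names and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# con, prn and aux come from the advisory; NUL, COM1-9 and LPT1-9 are added
# here from the standard Windows reserved-name list (a generalization).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def device_segments(url_or_path):
    """Return the path segments that Windows would resolve to a DOS device."""
    path = unquote(urlsplit(url_or_path).path)  # undo %xx before comparing
    hits = []
    for segment in re.split(r"[/\\]+", path):
        # Trailing dots/spaces are ignored by Windows, and an extension does
        # not stop the match: "prn.txt" still names the PRN device.
        base = segment.rstrip(" .").split(".", 1)[0].rstrip().upper()
        if base in RESERVED:
            hits.append(segment)
    return hits


def flag_requests(log_lines):
    """Return (client, target, segments) for log lines requesting a device name."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        segments = device_segments(match.group(1))
        if segments:
            flagged.append((line.split()[0], match.group(1), segments))
    return flagged


# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Oct/2004:10:00:01 -0700] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.44 - - [20/Oct/2004:10:00:07 -0700] "GET /cgi-bin/prn HTTP/1.0" 200 0',
    '192.0.2.44 - - [20/Oct/2004:10:00:09 -0700] "GET /cgi-bin/%61ux.cgi?x=1 HTTP/1.0" 200 0',
    '192.0.2.10 - - [20/Oct/2004:10:00:12 -0700] "GET /cgi-bin/printenv.pl HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for client, target, segments in flag_requests(SAMPLE_LOG):
        print(f"{client} requested {target}: device name(s) {segments}")
```

Matching is done on the percent-decoded, case-folded base name, so names such as printenv.pl that merely begin with a reserved string are not flagged.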
This archive was generated by hypermail 2.1.3 : Wed Oct 20 2004 - 10:04:12 PDT