4 New vulns. vWebServer and SmallHTTP

From: Extirpater (extirpaterat_private)
Date: Fri Jun 29 2001 - 13:01:21 PDT


    vWebServer v1.2.0 (Others?)
    ----------------------------
    Tested system: vWebServer v1.2.0 running under
    Microsoft Windows 98 (Homepage/Download @
    www.vwebserver.com)
    
    1- ASP file source disclosing:
    
    When a unicoded space character is added at the end of
    the requested URL, vWebServer shows the ASP file instead
    of executing it.
    
    Example:
    An example request looks like this:
    http://www.TargetHost.com/anything.asp%20
    
    
    
    2- DOS device filename vulnerability:
    
    Under Windows 9x, using any DOS device names (aux,
    con, prn, ...) as a filename or directory crashes
    Windows.
    vWebServer doesn't filter those requests.
    
    The example below crashes both the web server and Windows
    with a blue screen of death.
    
    Example:
    http://www.TargetHost.com/aux/aux
    
    
    3- Very long URL vulnerability:
    
    Requesting a very long URL (I tried 8192 bytes long)
    will result in Error #5, File error.
    After requesting the same URL 2-3 times, the web server
    will no longer respond to anything. A restart is needed.
    
    Example:
    http://www.TargetHost.com/AAAAAAAAA...(Ax8192)...AAA
    
    
    Vendor: Informed and confirmed.
    
    
    SmallHTTP (All versions vulnerable: 2.x Stables,  3.x
    Latest beta 8)
    ---------------------------------------------------------------------
    
    The server crashes after a very long URL is sent a few
    times.
    
    Example:
    
    GET /AAA...AAA (8192) HTTP/1.0
    Accept: ...
    Host: ...
    .
    .
    .
    
    Vendor: Informed and confirmed.
    
    Credits: Melih SARICA (melihsarat_private )
            Bilgiteks IT (msaricaat_private)
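
A request filter a server could run before mapping a URL to a handler or file, covering the three request shapes reported above. This is an added example, not code from the original post or from either vendor; the function name, the reason strings and the 2048-character limit are assumptions, and the device list goes beyond the three names in the post to the full reserved set.

```python
from urllib.parse import unquote, urlsplit

# Assumed limit for this sketch; the post only reports that 8192-byte URLs hang the server.
MAX_TARGET_LEN = 2048

# Reserved DOS device names on Windows (the post names aux, con and prn).
DOS_DEVICES = (
    {"CON", "PRN", "AUX", "NUL", "CLOCK$"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


def reject_reasons(target, max_len=MAX_TARGET_LEN):
    """Return the reasons a request target should be refused (empty list = accept)."""
    # Length is checked on the raw target, before any decoding or parsing work.
    if len(target) > max_len:
        return ["overlong"]
    reasons = []
    # Decode once so that %20 and a literal space are treated identically.
    path = unquote(urlsplit(target).path)
    for segment in filter(None, path.split("/")):
        # "page.asp " no longer matches the ".asp" handler mapping, yet Windows
        # opens "page.asp" anyway, so the file would be served as plain text.
        if segment != segment.rstrip() and "trailing-whitespace" not in reasons:
            reasons.append("trailing-whitespace")
        # A device name is matched on the part before the first dot, in any
        # letter case, so "aux", "AUX" and "Con.txt" all name a device.
        base = segment.split(".", 1)[0].strip().upper()
        if base in DOS_DEVICES and "dos-device" not in reasons:
            reasons.append("dos-device")
    return reasons


if __name__ == "__main__":
    # Constructed sample targets modelled on the examples in the post.
    samples = [
        "/index.asp",
        "/anything.asp%20",
        "http://www.TargetHost.com/aux/aux",
        "/" + "A" * 8192,
    ]
    for s in samples:
        shown = s if len(s) < 50 else s[:20] + "..."
        print(shown, "->", reject_reasons(s) or "accept")
```
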
    
    
    
    



    This archive was generated by hypermail 2b30 : Sat Jun 30 2001 - 09:01:12 PDT