Reported October 9, 2003 by Ziv Kamir.
VERSIONS AFFECTED
Ritlabs TinyWeb 1.9
DESCRIPTION
A Denial of Service (DoS) vulnerability exists in Ritlabs TinyWeb 1.9. By sending a specially crafted HTTP GET request, an attacker can crash the server.
A remote user can issue an HTTP GET request for /cgi-bin/.%00./dddd.html and cause the server to consume large amounts of CPU time (88%-92%).
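A log check for the request pattern described above, added here as an example and not part of the original advisory: it flags requests whose path carries a percent-encoded NUL byte (%00), including after repeated decoding. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration; TinyWeb's own log format may differ.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target [PROTOCOL]" (assumed format)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')

def has_encoded_nul(target, max_rounds=3):
    """True if the path part decodes to a NUL byte within max_rounds of percent-decoding."""
    path = target.split("?", 1)[0]  # the advisory's request carries the NUL in the path
    for _ in range(max_rounds):
        if "\x00" in path:
            return True
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:  # nothing left to decode
            return False
        path = decoded
    return "\x00" in path

def flag_requests(log_lines):
    """Return (client, target) for each logged request whose path hides a NUL byte."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and has_encoded_nul(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits

# Constructed sample lines; client addresses are from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Oct/2003:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '198.51.100.7 - - [09/Oct/2003:10:00:05 +0000] "GET /cgi-bin/.%00./dddd.html HTTP/1.0" 404 0',
    # Same byte after one extra layer of encoding, normalized so the log check is not layer-dependent
    '198.51.100.7 - - [09/Oct/2003:10:00:09 +0000] "GET /cgi-bin/.%2500./x.html HTTP/1.0" 404 0',
    # A literal percent sign in a file name must not be flagged
    '203.0.113.4 - - [09/Oct/2003:10:01:00 +0000] "GET /docs/100%25.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for client, target in flag_requests(SAMPLE_LOG):
        print(f"{client} requested NUL-bearing path {target!r}")
```

The same predicate can sit in a reverse proxy or request filter in front of the server to reject such paths before they reach it.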
DEMONSTRATION
The discoverer posted the following demonstration as proof of concept:
VENDOR RESPONSE
Ritlabs has been notified.
CREDIT
Discovered by Ziv Kamir.
Denial of Service in TinyWeb Web Server for Windows