Skip navigation
Menu
End-User Platforms>Windows 7/8

Denial of Service in TinyWeb Web Server for Windows

Reported October 9, 2003 by Ziv Kamir.

 

 

VERSIONS AFFECTED

 

Ritlabs TinyWeb 1.9

 

DESCRIPTION

 

A Denial of Service (DoS) vulnerability exists in Ritlabs TinyWeb 1.9. By sending a specially formed HTTP GET request, an attacker can crash the server.

 

DEMONSTRATION
 
The discoverer posted the following demonstration as proof of concept:

 

A remote user can issue an HTTP GET request for /cgi-bin/.%00./dddd.html and cause the server to consume large amounts of CPU time (88%-92%)

 

VENDOR RESPONSE

 

Ritlabs has been notified.

 

CREDIT                                                                                                       

Discovered by Ziv Kamir.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019