SecurityTracker.com Archives - Xitami Web Server Fails to Log Non-HTTP Connections

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Server/CGI) > Xitami Web Server

Vendors: iMatix

Xitami Web Server Fails to Log Non-HTTP Connections

SecurityTracker Alert ID: 1007452

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Aug 10 2003

Impact: Modification of user information

Exploit Included: Yes

Version(s): 2.4d9

Description: CyberTalon reported a vulnerability in the Xitami web server. The server does not log non-HTTP connections.

It is reported that a remote user can connect to the web server and send non-HTTP data without the data being logged.

A demonstration exploit is provided:

telnet [target webserver] 80
harmful data.........
[Enter]
[Enter]

Impact: A remote user can connect to the web server without the server logging the connection.

Solution: No solution was available at the time of this entry.

Vendor URL: www.xitami.com (Links to External Site)

Cause: State error

Underlying OS: Windows (Any)

Reported By: cyber talon <cyber_talon@hotmail.com>

Message History: None.

Source Message Contents

Date: Sat, 09 Aug 2003 16:53:08 -0300
From: cyber talon <cyber_talon@hotmail.com>
Subject: Xitami WebServer 2.4d9 fails to log terminal connections

 

       Xitami WebServer 2.4d9 fails to log terminal connections
                       Found by: CyberTalon
-----------------------------------------------------------------------
1. Intro
2. Problem
3. Impact
4. Solution
5. Exploit
6. Ending
-----------------------------------------------------------------------
1. I have found a logging vulnerability in Xitami WebServer 2.4d9.
-----------------------------------------------------------------------
2. Xitami fails to log terminal connections to the server.
-----------------------------------------------------------------------
3. An attacker could send harmful data to the server thru a terminal instead
of the normal broswer and possibly cause DoS or compromisement and no
evidence would be logged.
-----------------------------------------------------------------------
4. No solution that I know of, but they should implement something into the
server to make it atleast log the terminal connections to the access log or
error log like the other webservers do.
-----------------------------------------------------------------------
5. Simple Exploit:

telnet webserver 80
harmful data.........
[Enter]
[Enter]

NO LOG OF THAT PRESENSE!
-----------------------------------------------------------------------
6. This vulnerability could be a great resource to the attacker to reply on
when trying to exploit the server. It should be fixed asap.

-CT 08-09-03

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2002, SecurityGlobal.net LLC