MyServer Can Be Crashed With Specially Crafted URLs
|
|
SecurityTracker Alert ID: 1008183
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 13 2003
|
Impact: Denial of service via network
|
Exploit Included: Yes
|
Advisory: SP Research Labs
|
Version(s): 0.5
|
Description: A denial of service vulnerability was reported in MyServer. A remote user can cause the web server to crash.
SP Research Labs reported that a remote user can send a specially crafted HTTP GET request to the target server to cause the web
service to crash.
Some demonstration exploit code is available at:
http://fux0r.phathookups.com/coding/c++/sp-myserver0.5-dos.c
http://fux0r.phathookups.com/coding
/c++/sp-myserver0.5-dos.exe
The advisory is available at:
http://www.security-protocols.com/article.php?sid=1633&mode=thread&order=0
[Editor's
note: This vulnerability appears to be different than the one disclosed in SP Research Labs Advisory x06 and reported in our Alert
ID 1007661 in September 2003.]
|
Impact: A remote user can cause the web server to crash.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.myserverproject.net/forum/portal.php (Links to External Site)
|
Cause: Exception handling error
|
Underlying OS: Windows (Any)
|
Underlying OS Comments: Tested on Windows XP Pro SP1 and Windows 2000 SP3
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
