(Vendor Issues Fix) Re: Twilight Utilities Web Server Can Be Crashed By Remote Users
|
|
SecurityTracker Alert ID: 1007185 |
|
SecurityTracker URL: http://securitytracker.com/id/1007185
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 14 2003
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 1.3.4
|
Description:
A vulnerability was reported in the Twilight Utilities Web Server. A remote user can cause the web server to crash.
Security-Protocols Research Labs reported that a remote user can send a specially crafted HTTP GET request to cause the web service to crash. According to the report, a GET / followed with 4096 characters can trigger the flaw.
A demonstration exploit script is provided in the Source Message
|
Impact:
A remote user can cause the web service to crash.
|
Solution:
A fixed version (1.3.4) is available from the vendor.
|
Vendor URL: www.twilightutilities.com/WebServer.html (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 14 Jul 2003 08:25:52 -0400
Subject: Re: Web Server fix? (for earlier vulnerability)
|
> I've tested the server against all the exposed attacks and patched
> up to 1.3.4.
> http://www.twilightutilities.com/
|
|
