MyServer Can Be Crashed With Specially Crafted URLs
|
|
SecurityTracker Alert ID: 1008183 |
|
SecurityTracker URL: http://securitytracker.com/id/1008183
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 13 2003
|
Impact:
Denial of service via network
|
Exploit Included: Yes
|
Version(s): 0.5
|
Description:
A denial of service vulnerability was reported in MyServer. A remote user can cause the web server to crash.
SP Research Labs reported that a remote user can send a specially crafted HTTP GET request to the target server to cause the web service to crash.
Some demonstration exploit code is available at:
http://fux0r.phathookups.com/coding/c++/sp-myserver0.5-dos.c
http://fux0r.phathookups.com/coding/c++/sp-myserver0.5-dos.exe
The advisory is available at:
http://www.security-protocols.com/article.php?sid=1633&mode=thread&order=0
[Editor's note: This vulnerability appears to be different than the one disclosed in SP Research Labs Advisory x06 and reported in our Alert ID 1007661 in September 2003.]
|
Impact:
A remote user can cause the web server to crash.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.myserverproject.net/forum/portal.php (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
