Bugtraq mailing list archives
SeaNox Devwex - Denial of Service and Directory traversal
From: Kistler Ueli <iuk () gmx ch>
Date: Sat, 08 Jun 2002 20:27:59 +0200
Affected: Seanox DevWex 1.2002.0520 Windows binary Vulnerability: DoS and directory traversal using Win32 path delimiter Risk: High (Code execution?)-Medium(DoS and directory traversal) Vendor contacted: 26-5-2002 Vendor fix: http://www.seanox.de/projects.devwex.php4 DevWex is a small and flexible Webserver running as standalone win32 binary and as JAVA application. Buffer-overflow problem: It exists a buffer-overflow problem in the procedure handling a GET command. Sending at least 258383 caracters with a GET command will crash the server and make it inaccessible. This could perhaps allow an attacker to execute shellcode. Example: GET 258383xA+CRLF+CRLF Directory traversal: An attacker can request an URL containing Windows path delimiters to break out of the document root of DevWex. This allows an attacker to download sensitive data. Example: GET /..\..\..\..\anyfile Fix: Seanox has released a new version (1.2002.0601) Regards, Ueli Kistler eclipse () packx net / iuk () gmx ch www.packx.net / www.eclipse.fr.fm Greetz to PackX Team --
Current thread:
- SeaNox Devwex - Denial of Service and Directory traversal Kistler Ueli (Jun 08)