[<prev] [next>] [day] [month] [year] [list]
Message-ID: <006801c3e2a1$55b679e0$72bb623e@BlueHell>
Date: Sat, 24 Jan 2004 18:41:40 +0100
From: "Donato Ferrante" <fdonato@...istici.org>
To: <bugtraq@...urityfocus.com>
Subject: Resources consumption in Reptile webserver daily version
Donato Ferrante
Application: Reptile Web Server
http://sourceforge.net/projects/reptilews
Version: daily version
Bug: resources consumption
Author: Donato Ferrante
e-mail: fdonato@...istici.org
web: www.autistici.org/fdonato
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Description
2. The bug
3. The code
4. The fix
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----------------
1. Description:
----------------
Vendor's Description:
"Reptile is a web server made in Python. It supports server side
scripting with "Embedded Python", PHP, and CGI scripts. It has an
integrated HTML/XML validator that checks the pages before publication
and others handy features."
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
2. The bug:
------------
The program doesn't well manage the user input string.
In fact it waits the HTTP version. So an attacker can consume a lot of
CPU resources, sending crafted strings.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------
3. The code:
-------------
To test the vulnerability simply send to the webserver some (about 10)
strings like:
GET index.htm
without specify the HTTP* at the end of the GET request, and where
the requested file must be avaible in the public_html directory.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
4. The fix:
------------
No fix.
Reptile Web Server is no more supported.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Powered by blists - more mailing lists