| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: badpack3t at security-protocols.com (badpack3t) Subject: Xeneo Web Server 2.2.9.0 Denial Of Service Vulnerability SP Research Labs Advisory x03 ----------------------------- www.security-protocols.com Product - Xeneo Web Server 2.2.9.0 Download it here: http://www.northernsolutions.com/index.php?view=product&id=1 Date Released - 04/21/2003 Release Mode - Vendor was notified on 3/18/2003. Sent a few emails but never got any replies. So here it goes. ---------------------------- Product Description from the vendor - Xeneo Web Server is designed to deliver high performance and reliability. It can be easily extended and customized to host everything from a personal web site to advanced web applications that use ASP, PHP, ColdFusion, Perl, CGI and ISAPI. Key Xeneo Web Server features include: multiple domain support, integrated Windows authentication, scripting interface, enhanced filter support, ISAPI, CGI, ASP, SSL, intelligent file caching and more. ----------------------------- Vulnerability Description - To exploit this vulnerability, simply do a GET / with 4096 ?'s or more will cause the web server to go down. It is not exploitable at this point. Tested on: Windows XP Pro SP1 Windows 2000 SP3 ----------------------------- proof of concept is attached. peace out, badpack3t www.security-protocols.com ------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: sp-xeneo.pl Type: application/x-perl Size: 1602 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030421/2c7ed071/sp-xeneo.bin
Powered by blists - more mailing lists