AnalogX SimpleServer:WWW /cgi-bin/ Long GET DoS

2000-07-15T00:00:00
ID OSVDB:346
Type osvdb
Reporter OSVDB
Modified 2000-07-15T00:00:00

Description

Vulnerability Description

AnalogX SimpleServer:WWW contains a flaw that allows a remote attacker to cause a denial of service. The issue is due to the server not properly sanitizing URI input related to long requests. By providing an overly long GET request to the /cgi-bin/ directory, an attacker can crash the server.

Solution Description

Upgrade to version 1.06 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/cgi-bin/[300x a]
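
A detection check for the request pattern described above, as an added example that is not part of the original advisory. It assumes access logs in Common Log Format are available (for instance from a proxy in front of the server); the function names, the sample entries and the 256-character threshold are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}|-)')
CGI_PREFIX = "/cgi-bin/"
MAX_TAIL = 256  # assumed tuning value, set below the 300-character test length

def cgi_tail_length(request_line):
    """Length of the request target after /cgi-bin/ for a GET, else None."""
    parts = request_line.split(" ")
    if len(parts) < 2 or parts[0].upper() != "GET":
        return None
    raw = parts[1]
    # Decode only to recognise the prefix; compare case-insensitively so
    # variants such as /CGI-BIN/ or /%63gi-bin/ are not missed.
    if not unquote(raw).lower().startswith(CGI_PREFIX):
        return None
    # Measure the raw target, as it was sent on the wire.
    return len(raw) - len(CGI_PREFIX)

def find_long_cgi_gets(lines, max_tail=MAX_TAIL):
    """Return (line_no, client, tail_length, status) for each oversized request."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated entry
        tail = cgi_tail_length(m.group("request"))
        if tail is not None and tail > max_tail:
            hits.append((line_no, m.group("host"), tail, m.group("status")))
    return hits

# Constructed sample entries (documentation addresses, not real traffic).
_TS = "[15/Jul/2000:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_TS} "GET /index.html HTTP/1.0" 200 512',
    f'192.0.2.10 - - {_TS} "GET /cgi-bin/test.cgi?x=1 HTTP/1.0" 200 128',
    f'198.51.100.7 - - {_TS} "GET /cgi-bin/{"a" * 300} HTTP/1.0" 404 0',
    f'198.51.100.7 - - {_TS} "POST /cgi-bin/{"a" * 300} HTTP/1.0" 404 0',
    f'198.51.100.7 - - {_TS} "GET /CGI-BIN/{"A" * 400} HTTP/1.0" 404 0',
    "truncated entry with no request field",
]

if __name__ == "__main__":
    for hit in find_long_cgi_gets(SAMPLE_LOG):
        print("long /cgi-bin/ GET: line %d client %s tail %d status %s" % hit)
```

Only GET requests are flagged, matching the advisory; the POST entry in the sample is deliberately ignored.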

References:

Vendor URL: http://www.analogx.com/contents/download/network/sswww.htm
Other Advisory URL: http://www.ussrback.com/labs45.html
Nessus Plugin ID: 10445
ISS X-Force ID: 4693
CVE-2000-0473
Bugtraq ID: 1349