TinyServer HTTP Request DoS

2004-01-26T07:42:36
ID OSVDB:3709
Type osvdb
Reporter OSVDB
Modified 2004-01-26T07:42:36

Description

Vulnerability Description

TinyServer contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted URL that does not contain both GET and HTTP/1.1 tags, and will result in loss of availability for the service.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

TinyServer contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted URL that does not contain both GET and HTTP/1.1 tags, and will result in loss of availability for the service.

Manual Testing Notes

Telnet vulnserver.com 80 and request:

index.htm (without a GET or HTTP/1.1)

or

GET /index.htm (without the HTTP/1.1)

References:

Vendor URL: http://sourceforge.net/projects/tinyserver/ Secunia Advisory ID:10707 Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-01/0232.html ISS X-Force ID: 14928 CVE-2004-2118 CVE-2004-2117 Bugtraq ID: 9485