AnalogX SimpleServer:WWW Device Name DoS

2001-04-17T00:00:00
ID OSVDB:3781
Type osvdb
Reporter OSVDB
Modified 2001-04-17T00:00:00

Description

Vulnerability Description

AnalogX SimpleServer:WWW contains a flaw that allows a remote attacker to crash the service. The issue is due to improper checking of GET requests made to the server. If a remote user requests a URL with a conventional DOS device name such as "aux", they may crash the server.
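The description above attributes the crash to GET requests not being checked for DOS device names. The following is an added example of that kind of check, not AnalogX's code or the change made in version 1.13. The function names and sample requests are constructed for illustration, and the reserved-name set beyond "aux" is the standard Windows list (CON, PRN, AUX, NUL, COM1-9, LPT1-9).

```python
from urllib.parse import unquote

# Device names Windows resolves in every directory, whatever the extension.
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}


def is_device_segment(segment: str) -> bool:
    """True if one path segment names a DOS device ('aux', 'AUX.gif', 'nul. ')."""
    # Windows drops trailing dots and spaces, then ignores everything after
    # the first dot or colon when matching a device name.
    base = segment.rstrip(". ")
    for sep in (".", ":"):
        base = base.split(sep, 1)[0]
    return base.rstrip(" ").upper() in RESERVED


def request_path_allowed(target: str) -> bool:
    """Decide whether a GET request-target may be mapped to the filesystem."""
    # Drop query and fragment, then percent-decode before checking, so that
    # an encoded name such as '%61ux' is seen as the file API would see it.
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    segments = path.replace("\\", "/").split("/")
    return not any(is_device_segment(s) for s in segments if s)


# Constructed sample request-targets (not taken from the advisory).
SAMPLES = ["/index.html", "/aux", "/images/AUX.gif", "/docs/%61ux",
           "/auxiliary/page.htm", "/files/com1:", "/lpt10.txt", "/con?x=1"]


def check_samples():
    """Return (target, allowed) pairs for the constructed samples."""
    return [(t, request_path_allowed(t)) for t in SAMPLES]


if __name__ == "__main__":
    for target, allowed in check_samples():
        print(f"{'serve ' if allowed else 'reject'}  {target}")
```

A server applying this check would answer rejected targets with an error response before any file open call is made.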

Solution Description

Upgrade to version 1.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://www.[victim].com/aux

References:

Vendor URL: http://www.analogx.com/contents/download/network/sswww.htm
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-04/0279.html
ISS X-Force ID: 6395
CVE-2001-0386
Bugtraq ID: 2608