MiniShare HTTP Request DoS

2004-05-26T03:51:06
ID: OSVDB:6432
Type: osvdb
Reporter: Donato Ferrante (fdonato@autistici.org)
Modified: 2004-05-26T03:51:06

Description

Vulnerability Description

MiniShare contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP request is sent, and will result in loss of availability for the service.

Solution Description

Upgrade to version 1.3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

To test for the vulnerability, send the web server a request like:

GET:

1. GET /something HTTP/1.1

2. GET /something HTTP/1.1\n

HEAD:

1. HEAD /something HTTP/1.1

2. HEAD /something HTTP/1.1\n

and the web server will crash.
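
A detection-side view of the two request shapes above, as an added example that is not part of the original advisory: neither shape ends with the empty line that terminates an HTTP header block, so reassembled capture or proxy payloads can be checked for GET/HEAD requests that stop early. The function names, labels and sample payloads are constructed for illustration, and treating the missing terminator as the relevant property is an assumption drawn from the two listed requests.

```python
import re

# Request line for the two methods the testing notes mention.
REQUEST_LINE = re.compile(rb"(GET|HEAD) \S+ HTTP/\d\.\d")
# An HTTP header block ends with an empty line; tolerate bare LF as well as CRLF.
END_OF_HEAD = re.compile(rb"\r?\n\r?\n")


def classify_head(payload: bytes) -> str:
    """Label everything a client sent before it went idle or closed.

    Apply only to finished or timed-out connections: a slow but legitimate
    client looks the same while its request is still in flight.
    """
    if END_OF_HEAD.search(payload):
        return "complete"
    first_line, sep, _rest = payload.partition(b"\n")
    if not REQUEST_LINE.fullmatch(first_line.rstrip(b"\r")):
        return "other"
    # Shape 1 in the notes: request line with no line terminator at all.
    if not sep:
        return "no-line-terminator"
    # Shape 2 in the notes: a line terminator, but the empty line never arrives.
    return "no-blank-line"


def flag_truncated(sessions):
    """Return (source, label) for GET/HEAD payloads that never finished the head."""
    hits = []
    for source, payload in sessions:
        label = classify_head(payload)
        if label in ("no-line-terminator", "no-blank-line"):
            hits.append((source, label))
    return hits


# Constructed sample payloads; addresses are from the documentation range 192.0.2.0/24.
SAMPLE = [
    ("192.0.2.10", b"GET /index.html HTTP/1.1\r\nHost: files.example\r\n\r\n"),
    ("192.0.2.11", b"GET /something HTTP/1.1"),
    ("192.0.2.12", b"HEAD /something HTTP/1.1\n"),
    ("192.0.2.13", b"POST /upload HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for source, label in flag_truncated(SAMPLE):
        print(source, label)
```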

References:

Vendor URL: http://minishare.sourceforge.net/

Vendor Specific Advisory URL

Secunia Advisory ID: 11715

Other Advisory URL: http://www.autistici.org/fdonato/advisory/MiniShare1.3.2-adv.txt

Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=108563992129877&w=2