TinyWEB Denial of Service Vulnerability

2003-10-10T00:00:00
ID OSVDB:6518
Type osvdb
Reporter Ziv Kamir(vulncode@yahoo.com)
Modified 2003-10-10T00:00:00

Description

Vulnerability Description

Ritlabs TinyWeb contains a flaw that may allow a remote denial of service. The issue is triggered when handling specially-crafted HTTP GET requests, and will result in loss of availability for the web server.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Ritlabs TinyWeb contains a flaw that may allow a remote denial of service. The issue is triggered when handling specially-crafted HTTP GET requests, and will result in loss of availability for the web server.

Manual Testing Notes

http://[victim]/cgi-bin/.%00./dddd.html

References:

Vendor URL: http://www.ritlabs.com/ Secunia Advisory ID:9226 Other Advisory URL: http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html Other Advisory URL: http://www.winnetmag.com/Article/ArticleID/40498/40498.html Nessus Plugin ID:11894 ISS X-Force ID: 13402 Bugtraq ID: 8810