Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

tinyServer1.1.txt

🗓️ 26 Jan 2004 00:00:00Reported by Donato FerranteType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 21 Views

Tiny Server 1.1 has multiple vulnerabilities including directory traversal and denial of service bugs.

Code
` Donato Ferrante  
  
  
Application: Tiny Server   
http://sourceforge.net/projects/tinyserver  
  
Version: 1.1 (1.0.5)  
  
Bugs: Multiple Vulnerabilities  
  
Author: Donato Ferrante  
e-mail: [email protected]  
web: www.autistici.org/fdonato  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
1. Description  
2. The bugs  
3. The code  
4. The fix  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
----------------  
1. Description:  
----------------  
  
Vendor's Description:  
  
"This is a very basic http server. This server can accept multiple  
requests at once. The server is only 56 kb. The server has been  
configured to accept a maximum of 100 connections.  
As of now Tiny Server supports only the GET request."  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
-------------  
2. The bugs:  
-------------  
  
[1] directory traversal bug: the program does't make a good check on  
the user input string ( /../ ) so an attacker is able to see and  
download all the files on the remote system simply using his  
browser.  
  
[2] denial of service bug: the program have no checks on the input  
strings received, so an attacker is able to crash the server  
simply sending a crafted string.  
  
[3] cross site scripting bug: the program doesn't make a full check  
on the strings sent by the client, in fact the input strings are  
not filtered and they will appear in the returned page.  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
-------------  
3. The code:  
-------------  
  
The following are some examples to test the vulnerabilities:  
  
  
[1]  
  
http://[host]/../../windows/system.ini  
  
  
  
[2]  
  
GET /index.htm  
( without specify HTTP/1.1 )  
  
or simply:  
  
index.htm  
( without specify GET and HTTP/1.1 )  
  
or:  
  
GET /aaaaaa[ 260 of a ]aaa HTTP/1.1  
  
  
  
[3]  
  
http://[host]/<script>alert("Test")</script>  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
------------  
4. The fix:  
------------  
  
No fix.  
The vendor has not answered to my signalations.  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Jan 2004 00:00Current
7.4High risk
Vulners AI Score7.4
tiny servervulnerabilitiesdirectory traversaldenial of servicecross site scriptingdonato ferrante.
21