Multiple bugs in SMALL HTTP Server

FTP access to whole disk is open by default, passwords are stored in cleartext, password submission attemps are not limited...

Исследуем Small HTTP

Я подключался к одной локальной сети через модем и мне не нравился там админ. У него машина 2000 server была пропатчена но однажду он установи у себя Small HTTP Server ver.3.0371 и понеслось. Я нашёл Small HTTP Server ver.3.0371 в нете, установил к себе и начал тестировать, чтобы сделать чё нить...

CVE-2001-0493

Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux...

CVE-2001-0493

The CVE describes a denial-of-service in Small HTTP Server 2.03 when handling HTTP requests that contain MS-DOS device names (for example AUX) in the URL. The underlying cause is improper handling of device-name paths, allowing a remote attacker to crash or freeze the server (Windows 98 reference...

CVE-2000-0897

Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed...

CVE-2001-0493

Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux...

Advisory for Small HTTP Server

Advisory for Small HTTP Server v2.03 Site: http://feokt.spb.ru by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0111 /-|=explanation=|- Small HTTP Server is a webserver. It has a simple denial of service. /-|=who is vulnerable=|- Anyone running Small HTTP Server v2.03 and...

CVE-2000-0897

Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed...

CVE-2000-0898

Small HTTP Server 2.01 does not properly process Server Side Includes SSI tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file...

CVE-2000-0899

Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the server and sending out multiple GET, HEAD, or POST requests and closing the connection before the server responds to the requests...

CVE-2000-0898

Small HTTP Server 2.01 does not properly process Server Side Includes SSI tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file...

CVE-2000-0899

Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the server and sending out multiple GET, HEAD, or POST requests and closing the connection before the server responds to the requests...

CVE-2000-0899

CVE-2000-0899 affects Small HTTP Server 2.01. The vulnerability allows remote attackers to cause a denial of service by establishing connections and issuing multiple GET, HEAD, or POST requests, then closing the connection before the server responds. Exploitation details are not provided in the s...

CVE-2000-0898

CVE-2000-0898 affects Small HTTP Server 2.01. The issue is improper handling of Server Side Includes (SSI) tags containing null values, allowing local users and possibly remote attackers to crash the server by inserting an SSI into an HTML file. The NVD data indicates partial impact to availabili...

Small HTTP Server 2.0 1 - Non-Existent File Denial of Service

source : https://www.securityfocus.com/bid/1941/info Small HTTP Server is a full service web server. This utility is less than 30Kb and requires minimal system resources. Small HTTP Server is subject to a denial of service. When making an http request without a filename specified the server will...

Small HTTP Server 2.0 1 - Non-Existent File Denial of Service

Small HTTP Server 2.0 1 - Non-Existent File Denial of Service source : https://www.securityfocus.com/bid/1941/info Small HTTP Server is a full service web server. This utility is less than 30Kb and requires minimal system resources. Small HTTP Server is subject to a denial of service. When making...

CVE-2000-0484

The CVE-2000-0484 entry describes a memory corruption flaw in Small HTTP Server v3.06 that leads to a memory overflow and a crash of the Structured Exception Handler, resulting in a Denial of Service. The affected component is the server’s memory handling for requests; the root cause is a memory ...

smallhttp.py

!/usr/bin/python Small HTTP Server DoS Proof of Concept Code. Vulnerability Discovered by USSR Labshttp://www.ussrback.com Simple Script by [email protected] By connecting to port 80http on a system running Small HTTP Server and issuing a GET command followed by 65000 bytes, the service...

Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability USSR Advisory Code: USSR-2000047 Release Date: June 16, 2000 Systems Affected: Small HTTP Server ver. 1.212 maybe others THE PROBLEM The Ussr Labs team has recently discovered a buffer...

Max Feoktistov Small HTTP server 1.212 - Buffer Overflow

Max Feoktistov Small HTTP server 1.212 - Buffer Overflow source: https://www.securityfocus.com/bid/1355/info A buffer overflow is present in certain versions of the Small HTTP Server . The overflow in question is triggered by an overlong 65000 or more characters malformed HTTP GET request to the...