[VulnWatch] MS-DOS Device Name Denial Of Service Vulnerability in Abyss Web Server X1 for Windows
- To: bugtraq@xxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx
- Subject: [VulnWatch] MS-DOS Device Name Denial Of Service Vulnerability in Abyss Web Server X1 for Windows
- From: R00tCr4ck <root@xxxxxxxxxxxx>
- Date: Wed, 20 Oct 2004 14:36:33 +0000
#####################################
# CHT Security Research Center-2004 #
# http://www.CyberSpy.Org #
# Turkey #
#####################################
Software:
Abyss Web Server X1 for Windows
Web Site:
http://www.aprelium.com/
Affected Version(s):
X1
Description:
Abyss Web Server X1 is a free personal web server available for Windows, MacOS
X, Linux, and FreeBSD operating systems.
Official Description from the web site:
"Abyss Web Server is based on the APX architecture.
APX, which stands for Anti-crash Protection eXtension, was created, here at
Aprelium, to make the server crash-proof.
If it happens that the software causes a critical error and crashes (which is by
the way very improbable),
a report will be generated if possible and the server is automatically
restarted.
The downtime in such a case won't last more than 1 second!
Anti-crash protection system guarantees 100% uptime!"
There is an MS-DOS Device Name Denial Of Service vulnerability in Abyss Web
Server X1 for Windows:
It is possible to remotely crash a system running Abyss Web Server X1 by
submitting URL requests for an MS-DOS device name such as con, prn, or aux in
the cgi-bin folder (the cgi-bin directory comes with the default installation).
A restart of the server service is required in order to regain normal
functionality.
Example:
http://[victim]/cgi-bin/prn
----
Reported by R00tCr4ck on October 20, 2004
root(at)CyberSpy.Org
Original Article can be found at:
http://www.CyberSpy.Org
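
A request-path check of the kind a front-end filter or the server's own URL mapper could apply before touching the filesystem. It is an added example, not part of the original advisory and not Aprelium's code. The function name and sample paths are constructed, and the reserved set goes beyond the advisory's con, prn and aux to cover the other Windows device names (NUL, COM1-9, LPT1-9).

```python
import re
from urllib.parse import unquote

# Windows reserved device names. The advisory names con, prn and aux;
# the remaining names are added here as a generalization.
_RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.IGNORECASE)


def reserved_segment(url_path):
    """Return the first path segment that Windows would resolve to a
    DOS device, or None if no segment does."""
    # Only the path is mapped to the filesystem; drop query and fragment.
    path = url_path.split("?", 1)[0].split("#", 1)[0]
    # Decode a bounded number of times so %2570rn -> %70rn -> prn is caught.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    for segment in re.split(r"[/\\]", path):
        # Win32 ignores trailing spaces and everything after the first dot
        # or colon, so "prn.txt", "aux ." and "con:" still name the device.
        base = re.split(r"[.:]", segment, maxsplit=1)[0].rstrip(" ")
        if _RESERVED.match(base):
            return segment
    return None


if __name__ == "__main__":
    # Constructed sample request paths, not taken from real traffic.
    samples = [
        "/cgi-bin/prn",
        "/cgi-bin/PRN.txt",
        "/cgi-bin/%2570rn",
        "/cgi-bin/printenv.pl",
        "/console/index.html?f=con",
    ]
    for p in samples:
        hit = reserved_segment(p)
        print(f"{p!r}: {'reject (' + hit + ')' if hit else 'allow'}")
```
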