Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: longur1.txt

Long URL causes TelCondex SimpleWebServer to crash





Hi!

I've found a vulnerability in TelCondex SimpleWebServer 2.06.20817 Build
3128 (tested on Windows XP Professional). It could be that prior
versions are also affected.

It's possible to crash the web server application with a long URL
(starting from 539 Chars)[1]. You'll see a popup message on the victims
host.

You have to restart the httpd service to get a running web server.

I've informed support@telcondex.de on 02/10/12 about the bug. After a
really friendly response[2] the new version 2.09 without the bug is
available at http://www.yourinfosystem.de/download.htm

Bye, Marc

[1] e.g. http://192.168.0.2/AAA[...]AAA

[2] We discussed the bug and it seems that the problem is in the 32 bit
command control for showing the URLs. In other words, every operating
system reacts in another way.

-- 
Computer, Technik und Security
http://www.computec.ch


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH