Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: vws~1.htm

vWebServer show-code vulnerability





    Extirpater found following.

    1- ASP file source disclosing:
    Adding a  unicoded space  character at  the end  of requested URL,
    vWebServer  shows  the  ASP  file  instead  of  executing  it.  An
    example request looks this

    2- DOS device filename vulnerability:
    Under Windows 9x, using any DOS device names (aux, con, prn,  ...)
    as a filename  or directory crashes  Windows.  vWebServer  doesn't
    filter those requests.

    Below example  crashes both  web server  and Windows  with a  blue
    screen of death.  Example:

    3- Very long URL vulnerability:
    Requesting a very long URL (tested 8192 bytes long) will  resulted
    in Error  #5, File  error.   After requesting  2-3 times  the same
    URL, web server will no longer response anything.  Restart needed.

   Credit goes to Melih SARICA and Bilgiteks IT.


    Informed and confirmed.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH