Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: web5134.htm

Essentia Web Server DoS and directory traversal



25th Feb 2002 [SBWID-5134]
COMMAND

	Essentia Web Server DoS and directory traversal

SYSTEMS AFFECTED

	Essentia Web Server 2.1
	

	

PROBLEM

	Tamer Sahin [http://www.securityoffice.net] found following :
	

	The  Essentia  Web  Server  provides  Enhanced   Web   Application   and
	Communication Services. Whether you are setting up a simple Web Site  on
	your Corporate Intranet  or  creating  large  sites  for  the  Internet,
	Essentia provides a simple and flexible way to  make  an  even  stronger
	Web and Applications Platform. [http://www.essencomp.com/]
	

	

	 Denial of Service

	 =================

	

	Essentia Web Server is subject to a  denial  of  service.  Submitting  a
	request of unusual length to the host will cause the server to crash.  A
	restart is required in order to gain normal functionality.
	

	

	http://host/AAAAAA...(Ax2000)...AAAAAA

	

	

	 Directory Traversal

	 ===================

	

	Adding the string \"/../\" to an URL allows  an  attacker  to  view  and
	download any file on the server.
	

	

	http://host/../../

	

SOLUTION

	 Update 

	 ======

	

	The new release can be downloaded from the following link:
	

	http://www.essencomp.com/Products/Essentia/Essentia.exe

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH