Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: web5449.htm

DevWex Denial of Service and Directory traversal



14th Jun 2002 [SBWID-5449]
COMMAND

	DevWex Denial of Service and Directory traversal

SYSTEMS AFFECTED

	Seanox DevWex 1.2002.0520 Windows binary

PROBLEM

	Ueli Kistler [http://www.eclipse.fr.fm] found following:
	

	DevWex is a small and flexible Webserver  running  as  standalone  win32
	binary and as JAVA application.
	

	

	 Buffer-overflow problem

	 -----------------------

	

	It exists a buffer-overflow problem in  the  procedure  handling  a  GET
	command. Sending at least 258383  caracters  with  a  GET  command  will
	crash the server and make it inaccessible. This could perhaps  allow  an
	attacker to execute shellcode.
	

	

	Example: GET 258383xA+CRLF+CRLF

	

	

	

	 Directory traversal

	 -------------------

	

	An attacker can request an URL containing  Windows  path  delimiters  to
	break out of the document root of DevWex. This  allows  an  attacker  to
	download sensitive data.
	

	

	Example: GET /..\\..\\..\\..\\anyfile

	

SOLUTION

	Seanox has released a new version (1.2002.0601)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH