AOH :: Web :: Servers :: WEB5449.HTM

AOH :: Web :: Servers :: WEB5449.HTM
DevWex Denial of Service and Directory traversal

14th Jun 2002 [SBWID-5449]

COMMAND

	DevWex Denial of Service and Directory traversal

SYSTEMS AFFECTED

	Seanox DevWex 1.2002.0520 Windows binary

PROBLEM

	Ueli Kistler [http://www.eclipse.fr.fm] found following:
	

	DevWex is a small and flexible Webserver  running  as  standalone  win32
	binary and as JAVA application.
	

	

	 Buffer-overflow problem

	 -----------------------

	

	It exists a buffer-overflow problem in  the  procedure  handling  a  GET
	command. Sending at least 258383  caracters  with  a  GET  command  will
	crash the server and make it inaccessible. This could perhaps  allow  an
	attacker to execute shellcode.
	

	

	Example: GET 258383xA+CRLF+CRLF

	

	

	

	 Directory traversal

	 -------------------

	

	An attacker can request an URL containing  Windows  path  delimiters  to
	break out of the document root of DevWex. This  allows  an  attacker  to
	download sensitive data.
	

	

	Example: GET /..\\..\\..\\..\\anyfile

	

SOLUTION

	Seanox has released a new version (1.2002.0601)

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.