
[VulnWatch] MS-DOS Device Name Denial Of Service Vulnerability in Abyss

Subject: [VulnWatch] MS-DOS Device Name Denial Of Service Vulnerability in Abyss Web Server X1 for Windows
Date: Wed, 20 Oct 2004 14:36:33 +0000
#####################################
# CHT Security Research Center-2004 #
# http://www.CyberSpy.Org           #
# Turkey                            #
#####################################

Software:
Abyss Web Server X1 for Windows

Web Site:
http://www.aprelium.com/

Affected Version(s):
X1

Description:
Abyss Web Server X1 is a free personal web server available for Windows, MacOS
X, Linux, and FreeBSD operating systems.


Official Description from the web site:
"Abyss Web Server is based on the APX architecture.
APX, which stands for Anti-crash Protection eXtension, was created, here at
Aprelium, to make the server crash-proof.
If it happens that the software causes a critical error and crashes (which is by
the way very improbable),
a report will be generated if possible and the server is automatically
restarted.
The downtime in such a case won't last more than 1 second!
Anti-crash protection system guarantees 100% uptime!"

There is an MS-DOS Device Name Denial Of Service vulnerability in Abyss Web
Server X1 for Windows:

It is possible to remotely crash a system running Abyss Web Server X1 by
submitting URL requests for an MS-DOS device name such as con, prn, or aux in
the cgi-bin folder (the cgi-bin directory comes with the default installation).
A restart of the server service is required in order to regain normal
functionality.

Example:

http://[victim]/cgi-bin/prn

----
Reported by R00tCr4ck on October 20, 2004
root(at)CyberSpy.Org
Original Article can be found at:
http://www.CyberSpy.Org
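
A defensive check for the issue described above, as an added example that is not part of the original advisory or of Aprelium's code: it rejects request paths in which any segment resolves to a reserved DOS device name, before the path reaches the filesystem. It goes beyond the con, prn, aux cases named in the advisory to the full Windows reserved-name list; the function names and sample paths are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Reserved device names under Windows file-naming rules.
# The advisory names only con, prn and aux; the rest are added here.
_RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.IGNORECASE)


def reserved_segment(url_or_path):
    """Return the first path segment that resolves to a DOS device, else None."""
    path = unquote(urlsplit(url_or_path).path)  # decode %xx as the server would
    for seg in re.split(r"[/\\]", path):
        # Windows ignores trailing dots and spaces, and a device name stays
        # reserved when followed by an extension ("prn.txt") or a colon.
        base = seg.rstrip(" .")
        base = re.split(r"[.:]", base, maxsplit=1)[0].rstrip(" ")
        if _RESERVED.match(base):
            return seg
    return None


def screen_requests(paths):
    """Map each request path to an HTTP status a front-end filter would return."""
    return [(p, 403 if reserved_segment(p) else 200) for p in paths]


# Constructed sample request paths (not taken from any real log).
SAMPLE_PATHS = [
    "/cgi-bin/prn",            # case from the advisory
    "/cgi-bin/AUX.cgi",        # extension does not change the device
    "/cgi-bin/%63on",          # percent-encoded "con"
    "/cgi-bin/nul%20.",        # trailing space and dot are ignored by Windows
    "/cgi-bin/printer.cgi",    # ordinary file whose name merely starts with "prn"-like text
    "/cgi-bin/com10",          # not reserved: only com1..com9 are
    "/index.html",
]

if __name__ == "__main__":
    for path, status in screen_requests(SAMPLE_PATHS):
        print(status, path)
```

The same function can be run over access-log request paths to find past requests of this kind.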
