logo Home

Untitled Document

Home > Archives Advisories > Articles

Untitled Document

Untitled Document

Xeneo Web Server Denial Of Service Vulnerability
Date: 2003-04-22

Author : badpack3t <badpack3t@security-protocols.com>

SP Research Labs Advisory x03

Product - Xeneo Web Server

Download it here:

Date Released - 04/21/2003

Release Mode - Vendor was notified on 3/18/2003. Sent a few emails but
never got any replies. So here it goes.


Product Description from the vendor -

Xeneo Web Server is designed to deliver high performance and
reliability. It can be easily extended and customized to host
everything from a personal web site to advanced web applications
that use ASP, PHP, ColdFusion, Perl, CGI and ISAPI. Key Xeneo
Web Server features include: multiple domain support, integrated
Windows authentication, scripting interface, enhanced filter
support, ISAPI, CGI, ASP, SSL, intelligent file caching and more.


Vulnerability Description -

To exploit this vulnerability, simply do a GET / with 4096 ?'s or more
will cause the web server to go down. It is not exploitable at this

Tested on:

Windows XP Pro SP1
Windows 2000 SP3


proof of concept is attached.

peace out,




arrowSearch Advisories


Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.


About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy