logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

Xeneo Web Server Denial Of Service Vulnerability
Date: 2003-04-22

Author : badpack3t <badpack3t@security-protocols.com>

SP Research Labs Advisory x03
-----------------------------
www.security-protocols.com

Product - Xeneo Web Server 2.2.9.0

Download it here:
http://www.northernsolutions.com/index.php?view=product&id=1

Date Released - 04/21/2003

Release Mode - Vendor was notified on 3/18/2003. Sent a few emails but
never got any replies. So here it goes.

----------------------------

Product Description from the vendor -

Xeneo Web Server is designed to deliver high performance and
reliability. It can be easily extended and customized to host
everything from a personal web site to advanced web applications
that use ASP, PHP, ColdFusion, Perl, CGI and ISAPI. Key Xeneo
Web Server features include: multiple domain support, integrated
Windows authentication, scripting interface, enhanced filter
support, ISAPI, CGI, ASP, SSL, intelligent file caching and more.

-----------------------------

Vulnerability Description -

To exploit this vulnerability, simply do a GET / with 4096 ?'s or more
will cause the web server to go down. It is not exploitable at this
point.

Tested on:

Windows XP Pro SP1
Windows 2000 SP3

-----------------------------

proof of concept is attached.

peace out,

badpack3t
www.security-protocols.com

------------------------------



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy