-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ScriptEase MiniWeb Server DoS Vulnerability Type: DoS, crashes Daemon Release Date: February 19, 2002 Product / Vendor: The ScriptEase MiniWeb Server, written entirely in ScriptEase, is being distributed free by Nombas. This server is not intended to compete with commercial web servers, rather it is meant to allow you to easily setup a personal web site and for testing page design and CGI scripts. http://www.nombas.com Summary: ScriptEase MiniWeb Server is subject to a denial of service. Submitting a request of unusual length to the host will cause the server to crash. A restart is required in order to gain normal functionality. http://host/AAAAAA...(Ax2000)...AAAAAA Tested: Windows 2000 / ScriptEase MiniWeb Server v0.95 Vulnerable: ScriptEase MiniWeb Server v0.95 (And may be other) Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author: Tamer Sahin ts@securityoffice.net http://www.securityoffice.net Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPHKo57uLpFMrXtywEQKBbACgtrwUc1G8n0o4DIA/rdmSrYLFKHAAoJFY pc1JjM45gP7RgcgW+HLkC+oP =ALaR -----END PGP SIGNATURE-----
