 |
|
|
|
Hi!
I've found a vulnerability in TelCondex SimpleWebServer 2.06.20817 Build
3128 (tested on Windows XP Professional). It could be that prior
versions are also affected.
It's possible to crash the web server application with a long URL
(starting from 539 Chars)[1]. You'll see a popup message on the victims
host.
You have to restart the httpd service to get a running web server.
I've informed support@telcondex.de on 02/10/12 about the bug. After a
really friendly response[2] the new version 2.09 without the bug is
available at http://www.yourinfosystem.de/download.htm
Bye, Marc
[1] e.g. http://192.168.0.2/AAA[...]AAA
[2] We discussed the bug and it seems that the problem is in the 32 bit
command control for showing the URLs. In other words, every operating
system reacts in another way.
--
Computer, Technik und Security
http://www.computec.ch
|
|
|
|
|
|
|
|
