AnalogX SimpleServer:WWW服务拒绝漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106310 漏洞类型 未知
发布时间 2001-04-17 更新时间 2005-05-02
CVE编号 CVE-2001-0386 CNNVD-ID CNNVD-200107-027
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20771
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-027
|漏洞详情
AnalogXSimpleServer:WWW1.08版本存在漏洞。远程攻击者可以借助/aux目录的HTTP请求导致服务拒绝。
|漏洞EXP
source: http://www.securityfocus.com/bid/2608/info

Simpleserver:WWW is a freely available web server from AnalogX. Simpleserver:WWW is designed to provide an easy to use web server with a friendly interface.

A problem with the web server could lead to a Denial of Service to legitimate users. By connecting to the web server, and requesting an HTTP GET of the /aux directory, the web server ceases operation. A watchdog process or manual restart of the web server process is required.

Therefore, it is possible for remote users to deny service to legitimate users of the web server. 

telnet vulnerable.web.server 80
GET /aux
then hit return twice
|参考资料

来源:BID
名称:2608
链接:http://www.securityfocus.com/bid/2608
来源:BUGTRAQ
名称:20010417AdvisoryforSimpleServer:WWW(analogX)
链接:http://www.securityfocus.com/archive/1/177156
来源:XF
名称:analogx-simpleserver-aux-dos(6395)
链接:http://xforce.iss.net/static/6395.php
来源:OSVDB
名称:3781
链接:http://www.osvdb.org/3781