Tamer Şahin / tamersahin.com

ScriptEase MiniWeb Server DoS Vulnerability

Type

DoS, crashes Daemon

Release Date

February 19, 2002

Product / Vendor

The ScriptEase MiniWeb Server, written entirely in ScriptEase, is being distributed free by Nombas. This server is not intended to compete with commercial web servers, rather it is meant to allow you to easily setup a personal web site and for testing page design and CGI scripts.

http://www.nombas.com

Summary

ScriptEase MiniWeb Server is subject to a denial of service. Submitting a request of unusual length to the host will cause the server to crash. A restart is required in order to gain normal functionality.

http://host/AAAAAA...(Ax2000)...AAAAAA

Tested

Windows 2000 / ScriptEase MiniWeb Server v0.95

Vulnerable

ScriptEase MiniWeb Server v0.95 (And may be other)

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net