Small HTTP Server Non-Existent File DoS Vulnerability
BID:1941
Info
Small HTTP Server Non-Existent File DoS Vulnerability
| Bugtraq ID: | 1941 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 14 2000 12:00AM |
| Updated: | Nov 14 2000 12:00AM |
| Credit: | Discovered and posted to Bugtraq by 403-security team <[email protected]> on Nov 14, 2000. |
| Vulnerable: |
Max Feoktistov Small HTTP server 2.0 1 |
| Not Vulnerable: |
Max Feoktistov Small HTTP server 2.0 3 |
Discussion
Small HTTP Server Non-Existent File DoS Vulnerability
Small HTTP Server is a full service web server. This utility is less than 30Kb and requires minimal system resources.
Small HTTP Server is subject to a denial of service. When making an http request without a filename specified the server will attempt to locate index.html in that particular directory, if index.html does not exist the server will utilize a large amount of system memory . If numerous http requests, again structured without a filename, are sent to the web server, an attacker could cause the server to consume all system memory. A restart of the application is required in order to gain normal functionality.
Small HTTP Server is a full service web server. This utility is less than 30Kb and requires minimal system resources.
Small HTTP Server is subject to a denial of service. When making an http request without a filename specified the server will attempt to locate index.html in that particular directory, if index.html does not exist the server will utilize a large amount of system memory . If numerous http requests, again structured without a filename, are sent to the web server, an attacker could cause the server to consume all system memory. A restart of the application is required in order to gain normal functionality.