TinyServer Multiple Vulnerabilities
BID:9485
Info
TinyServer Multiple Vulnerabilities
| Bugtraq ID: | 9485 |
| Class: | Unknown |
| CVE: |
CVE-2004-2116 CVE-2004-2117 CVE-2004-2118 CVE-2004-2119 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 24 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery is credited to Donato Ferrante <[email protected]>. |
| Vulnerable: |
TinyServer TinyServer 1.1 |
| Not Vulnerable: | |
Discussion
TinyServer Multiple Vulnerabilities
TinyServer is prone to multiple vulnerabilities.
A directory traversal issue is present in TinyServer that could allow a remote user to view or download any file to which the server has access.
A denial of service issue exists due to the failure of the server to check input strings received. Attackers can crash the server by simply sending malformed HTTP GET requests. Sending an HTTP GET request with excessively long data can also cause the server to fail. It is not known if this issue may also result in code execution.
A cross-site scripting issue is also present in the server. This could allow for theft of cookie-based authentication credentials or other attacks.
TinyServer is prone to multiple vulnerabilities.
A directory traversal issue is present in TinyServer that could allow a remote user to view or download any file to which the server has access.
A denial of service issue exists due to the failure of the server to check input strings received. Attackers can crash the server by simply sending malformed HTTP GET requests. Sending an HTTP GET request with excessively long data can also cause the server to fail. It is not known if this issue may also result in code execution.
A cross-site scripting issue is also present in the server. This could allow for theft of cookie-based authentication credentials or other attacks.
Exploit / POC
TinyServer Multiple Vulnerabilities
The following proof of concept was supplied:
Directory traversal:
http://[host]/../../windows/system.ini
Denial of service:
GET /index.htm
index.htm
GET /aaaaaa[ 260 of a ]aaa HTTP/1.1
Cross-site scripting:
http://[host]/<script>alert("Test")</script>
The following proof of concept was supplied:
Directory traversal:
http://[host]/../../windows/system.ini
Denial of service:
GET /index.htm
index.htm
GET /aaaaaa[ 260 of a ]aaa HTTP/1.1
Cross-site scripting:
http://[host]/<script>alert("Test")</script>
Solution / Fix
TinyServer Multiple Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
TinyServer Multiple Vulnerabilities
References:
References:
- TinyServer Project Page (TinyServer)
- Tiny Server 1.1 (1.0.5) Multiple Vulnerabilities ("Donato Ferrante"
)