BRS WebWeaver remote Denial of Service vulnerability


NI3
11-03-2003, 08:44 AM
Security-Corporation ID : SC-0722
URL : [Only registered and activated users can see links]
Author : d4rkgr3y <d4rk securitylab ru>
Product : BRS WebWeaver
/**********************************************************
*
* m00 security advisory #004
*
* BRS WebWeaver remote DoS vulnerability
*
* [Only registered and activated users can see links]
*
**********************************************************/

---------------------------------
Product: BRS WebWeaver
Version: 1.06 and below
OffSite: [Only registered and activated users can see links]
---------------------------------

Overview:

BRS WebWeaver is an HTTP Server with support for
CGI, ISAPI, SSI, IP Address based security, Realm
based security, configurable users and groups, as well
as basic HTTP capabilities.

Problem description:

BRS WebWeaver crashes and freezes the whole system
when it gets a request that contains a long string within the
`User-Agent` field. The vulnerability doesn't seem
exploitable, except for DoS.

Exploit:
Lame cpp exploit code that demonstrates the possibility of a
remote Denial-of-Service attack against BRS WebWeaver.

Related File : [Only registered and activated users can see links]

(c) m00 Security / d4rkgr3y [d4rk securitylab ru]
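
Added example, not part of the original advisory or post: a header-length gate that a filtering proxy could apply in front of a server that cannot cope with a long `User-Agent` value. The function name, the two size limits and the sample requests are assumptions made for illustration; the advisory states no length threshold.

```python
# Header-length gate for the header section of a raw HTTP request.
# Both limits are assumed values; the advisory gives no threshold.
MAX_HEADER_VALUE = 512      # assumed cap on a single header value, in bytes
MAX_HEADER_BLOCK = 8192     # assumed cap on the whole header section, in bytes


def check_request_head(raw: bytes):
    """Return (status, reason); 200 means the request may be forwarded."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        # No terminator seen: incomplete, or a header stream that never ends.
        if len(raw) > MAX_HEADER_BLOCK:
            return 431, "header section exceeds limit without terminator"
        return 400, "incomplete header section"
    if len(head) > MAX_HEADER_BLOCK:
        return 431, "header section too large"
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        if line[:1] in (b" ", b"\t"):
            # Folded continuation lines could hide an oversized value.
            return 400, "folded header line rejected"
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            return 400, "malformed header line"
        value = value.strip()
        if len(value) > MAX_HEADER_VALUE:
            return 431, "%s value too long (%d bytes)" % (
                name.decode("latin-1").strip(), len(value))
    return 200, "ok"


# Constructed sample requests (not captured traffic).
NORMAL = b"GET / HTTP/1.0\r\nHost: example.test\r\nUser-Agent: Mozilla/4.0\r\n\r\n"
OVERSIZED = (b"GET / HTTP/1.0\r\nHost: example.test\r\nUser-Agent: "
             + b"A" * 4000 + b"\r\n\r\n")
FOLDED = b"GET / HTTP/1.0\r\nUser-Agent: a\r\n bbbb\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("oversized", OVERSIZED),
                       ("folded", FOLDED)):
        print(label, check_request_head(req))
```

Rejecting with 431 (Request Header Fields Too Large) before the request reaches the backend also leaves a log entry that can be alerted on.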