LiteServe is a powerful, full-featured Web, email and FTP server. This server software is perfect for personal websites or commercial sites with high traffic demands and multiple domains. A vulnerability in the way the program decodes URLs allows remote attackers to cause it to crash.
Credit:
The information has been provided by Matthew Murphy.
LiteServe's URL decoder mishandles illegal "%xx" sequences, such as "%.@", and may produce corrupted output when such a sequence is used. The problem appears to be a referencing issue when the decode sequence does not specify a legitimate hexadecimal sequence. A denial of service may occur if LiteServe is passed an extremely large request consisting only of "%" characters. 290,259 such characters will cause LiteServe to freeze:
GET /[buffer] HTTP/1.0
After this request is processed, attempting to connect to the HTTP service reveals that the server is dead.