|
|
| |
TinyWeb is "extremely small (executable file size is 53K), simple (no configuration other than through the command line) and fast (consumes minimum of system resources) Win32 daemon for regular (TCP/http) and secure (SSL/TLS/https) web servers".
A vulnerability in the product allows remote attackers to cause the server to crash by sending it a special request. |
| |
Credit:
The information has been provided by Ziv Kamir.
|
| |
Vulnerable systems:
* TinyWeb version 1.9
A remote user can issue an HTTP GET request for /cgi-bin/.%00./dddd.html and cause the server consume large amounts of CPU time (88%-92%).
|
|
|
