Xitami Webserver MS-DOS Device Name DoS Vulnerability

Vulnerability Details

Vulnerability Summary

Xitami 2.5d4 and earlier versions contain a vulnerability. A remote attacker can crash the server by means of an HTTP request for the /aux directory.

Vulnerability Advisory

In a followup advisory dated April 18, 2001, the vendor notes:

we plan to release a minor update to both Xitami 2.4 (release code), and Xitami 2.5 (beta test code) with a work around for this issue, possibly including a hard coded check for AUX that is always done, in addition to the Win32 QueryDosDevice() where available. This update will be announced on the Xitami user mailing list, and announcement list when it is available.
Meanwhile some Xitami users have reported that defining an Xitami alias for “AUX” that points at some non-existent file avoids the issue reported (as the alias expansion is done before any files are opened); we would suggest those looking for an immediate work around consider this.

Imatix Xitami for Windows 2.4 d7

Imatix Xitami for Windows 2.5 b4
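
The vendor note above mentions a hard-coded check for AUX that runs before any file is opened. The following portable C sketch shows one way to write such a check; it is an added example, not Xitami's code, and it goes beyond the advisory by also covering the other reserved MS-DOS device names. The function names are hypothetical, and the path is assumed to be URL-decoded already.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Reserved MS-DOS device names. The advisory names only AUX; the rest of
 * the list is a generalization added for this example. */
static const char *const RESERVED[] = {
    "AUX", "CON", "PRN", "NUL",
    "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9",
    "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9"
};

/* Return 1 if seg[0..len) names a device. Win32 path handling has
 * historically treated a device name followed by an extension, a colon or
 * trailing spaces as the device, so "aux.txt" and "AUX :" match as well. */
static int segment_is_device(const char *seg, size_t len)
{
    size_t base = 0, i, k;
    while (base < len && seg[base] != '.' && seg[base] != ':')
        base++;                         /* cut at the first '.' or ':' */
    while (base > 0 && seg[base - 1] == ' ')
        base--;                         /* drop trailing spaces */
    for (i = 0; i < sizeof RESERVED / sizeof RESERVED[0]; i++) {
        if (strlen(RESERVED[i]) != base)
            continue;
        for (k = 0; k < base; k++)
            if (toupper((unsigned char)seg[k]) != RESERVED[i][k])
                break;
        if (k == base)
            return 1;                   /* case-insensitive match */
    }
    return 0;
}

/* Return 1 if any '/' or '\\' separated segment of the request path is a
 * reserved device name. Intended to run before any file is opened. */
int path_has_dos_device(const char *path)
{
    const char *p = path;
    while (*p) {
        size_t len = strcspn(p, "/\\");
        if (len > 0 && segment_is_device(p, len))
            return 1;
        p += len + (p[len] != '\0');    /* step past the separator, if any */
    }
    return 0;
}
```

A server would reject the request (for example with a 404) whenever path_has_dos_device() returns 1, regardless of whether QueryDosDevice() is available.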

References

Source: BUGTRAQ
Name: 20010417 Advisory for Xitami 2.4d7, 2.5d4
Link: http://archives.neohapsis.com/archives/bugtraq/2001-04/0277.html
