Tripbit Security Advisory
TA-180603 


Severity: Medium/High
Application: Armida Databased Web Server v1.0
Platform: Windows
Class: Insufficient Boundary Checking
Release Date: June 18th, 2003
Vendor: http://www.frassetto.it


• Overview
An HTTP server designed for Internet and intranet installations. It supports direct database access without CGI, multiple hosts (virtual or port-linked) and access security. It supports many advanced features that can allow visitors to add or change database entries. Accounts using username/password access can be set up with the ability to decrement credits from the user when defined pages are accessed. Auto-install and remove. On-line documentation and support.

• Details
The Armida Databased Web Server has a vulnerability in the standard configuration. This allows an attacker to crash the server by making a request with more than 5000 bytes.

Example:

http://host.com/AAAAA... (more than 5000 bytes)


• Recommendation
<QUOTE>
In the "armida.ini" file, in the section "[armida]",
set Pirati=20
This will fix the problem.
</QUOTE>
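
An added example, not part of the original advisory or the vendor's code: a small audit and fix routine for the setting recommended above, which edits the file line by line so comments and other keys are preserved. It assumes section and key names compare case-insensitively; the sample file content and the key `ExampleKey` are constructed for illustration.

```python
import re

SECTION, KEY, VALUE = "armida", "Pirati", "20"   # names and value from the advisory
_SEC = re.compile(r"^\s*\[([^\]]+)\]\s*$")
_KV = re.compile(r"^\s*([^=;#\s][^=]*?)\s*=\s*(.*?)\s*$")

def _scan(text):
    """Yield (line, is_target_header, value_of_target_key_or_None) per line.
    Assumption: section and key names compare case-insensitively."""
    in_section = False
    for line in text.splitlines():
        sec, kv = _SEC.match(line), _KV.match(line)
        if sec:
            in_section = sec.group(1).strip().lower() == SECTION
            yield line, in_section, None
        elif in_section and kv and kv.group(1).lower() == KEY.lower():
            yield line, False, kv.group(2)
        else:
            yield line, False, None

def audit(text):
    """Return 'ok', 'wrong-value', 'missing-key' or 'missing-section'."""
    rows = list(_scan(text))
    values = [v for _, _, v in rows if v is not None]
    if not any(hdr for _, hdr, _ in rows):
        return "missing-section"
    if not values:
        return "missing-key"
    # Conservative: every occurrence must carry the recommended value.
    return "ok" if all(v == VALUE for v in values) else "wrong-value"

def remediate(text):
    """Return the text with Pirati=20 placed directly under [armida]."""
    out, placed = [], False
    for line, hdr, value in _scan(text):
        if value is not None:
            continue                      # drop old or duplicate settings
        out.append(line)
        if hdr and not placed:
            out.append(f"{KEY}={VALUE}")  # comments and other keys are kept
            placed = True
    if not placed:
        out += [f"[{SECTION}]", f"{KEY}={VALUE}"]
    return "\n".join(out) + "\n"

# Constructed sample, not a real armida.ini; ExampleKey is hypothetical.
SAMPLE = "; constructed sample\n[Armida]\nExampleKey=1\nPirati = 0\n\n[other]\nPirati=0\n"

if __name__ == "__main__":
    print(audit(SAMPLE), "->", audit(remediate(SAMPLE)))
```

To use it on a real installation, read the contents of "armida.ini" into a string, pass it to `audit`, and write back the result of `remediate` only after keeping a copy of the original file.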

• Vendor Response
The vendor has been notified.

• Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an 'AS IS' condition. There are 'NO' warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

• Additional information
This vulnerability has been found and researched by:

posidron posidron@tripbit.org

rushjo rushjo@tripbit.org

• Availability
You can find the latest version of this warning under the following URL:

http://www.tripbit.org/advisories/TA-180603.html