Security Advisory

This page lists the security issues that the author knows about, and their resolutions.

Version 0.0.8 and older:

Description: On Windows platforms, the server port can be hijacked: another process can open the port the server is already using, after which the server keeps running but receives no more requests.
Risk: Low (Low chance and high visibility of exploitation)
Credits to: Christian Blackburn
Resolution: Fixed in 0.0.9

Version 0.0.7:

Description: Suffers from a directory traversal flaw; using a specially crafted URL, one can list the parent folders.
Risk: Critical
Credits to: shinnai x
    http://www.shinnai.altervista.org/viewtopic.php?id=41&t_id=47
    http://www.milw0rm.com/exploits/3708
Resolution: Fixed in 0.0.8

Version 0.0.6 and older:

Description: Suffers from a directory traversal flaw; using a specially crafted URL "http://yoursite/..%00", one can list the parent folder.
Risk: Medium (You can only list the folder contents one level up, not view the file contents)
Credits to: Daniel Nyström
Resolution: Fixed in 0.0.7

Description: Suffers from multiple 0-day exploits; accessing almost any of the special MS-DOS device files (NUL fixed in 0.05) under Windows can cause the CPU usage to rise to 100%.
Risk: Less Critical (Denial of service)
Credits to: shinnai and rgod
Resolution: Fixed in 0.0.7

Version 0.04:

Description: Multiple vulnerabilities have been identified, which could be exploited by remote attackers to take complete control of an affected system. These issues are due to various buffer overflow errors when processing specially crafted requests, which could be exploited by remote unauthenticated attackers to execute arbitrary commands with the privileges of the server.
Risk: Critical
Resolution: Upgrade to MiniWebsvr version 0.05
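
The two directory-traversal entries and the MS-DOS device-file entry above all come down to validating the request path before it is mapped to a file. The C code below is an added example of such a check, not MiniWebSvr's own code or the fix shipped in any release; the function names is_dos_device and is_safe_request_path and the exact rule set are assumptions.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not MiniWebSvr code; both function names are hypothetical.
 * Windows resolves DOS device names with or without an extension or trailing
 * space, so "nul", "NUL.txt" and "com1.html" all refer to a device. */
static int is_dos_device(const char *seg, size_t len) {
    static const char *names[] = { "CON", "PRN", "AUX", "NUL", "COM", "LPT" };
    char base[5] = { 0 };
    size_t n = 0;
    while (n < len && seg[n] != '.' && seg[n] != ':' && seg[n] != ' ') n++;
    if (n < 3 || n > 4) return 0;
    for (size_t i = 0; i < n; i++) base[i] = (char)toupper((unsigned char)seg[i]);
    for (size_t i = 0; i < 6; i++) {
        if (strncmp(base, names[i], 3) != 0) continue;
        /* CON/PRN/AUX/NUL match bare; COM/LPT need a trailing digit 1-9. */
        if (i < 4 ? n == 3 : (base[3] >= '1' && base[3] <= '9')) return 1;
    }
    return 0;
}

/* Returns 1 if url_path may be mapped under the document root, else 0. */
int is_safe_request_path(const char *url_path) {
    size_t len = strlen(url_path), d = 0;
    char *dec = malloc(len + 1);
    int ok = (dec != NULL && url_path[0] == '/');
    /* Step 1: percent-decode once; refuse bad escapes, NUL and control bytes. */
    for (size_t i = 0; ok && i < len; i++) {
        unsigned char c = (unsigned char)url_path[i];
        if (c == '%') {
            if (!isxdigit((unsigned char)url_path[i + 1]) ||
                !isxdigit((unsigned char)url_path[i + 2])) { ok = 0; break; }
            char hex[3] = { url_path[i + 1], url_path[i + 2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            i += 2;
        }
        if (c < 0x20) ok = 0;                    /* covers the "%00" case */
        dec[d++] = (c == '\\') ? '/' : (char)c;  /* treat '\' as a separator */
    }
    /* Step 2: refuse dot/space-only segments ("..", "...", ".. ") and devices. */
    for (size_t s = 0; ok && s < d; ) {
        size_t e = s, dots = 0;
        while (e < d && dec[e] != '/') { dots += (dec[e] == '.' || dec[e] == ' '); e++; }
        if ((e - s >= 2 && dots == e - s) || is_dos_device(dec + s, e - s)) ok = 0;
        s = e + 1;
    }
    free(dec);
    return ok;
}
```

A check like this belongs before any file-system call; resolving the final path and confirming it still lies under the document root remains a useful second layer.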