Title: WhitSoft SlimServe HTTPD Get Denial of Service Vulnerability
Severity: MODERATE
Description:
SlimServe HTTPd is a free HTTP Daemon maintained by WhitSoft Development. SlimServe HTTPd is designed to provide basic HTTP services on the Microsoft Windows platform. The server includes an easy to use configuration menu, and provides a minimum set of features easily used by computer novices.
A vulnerability has been discovered in the server. It is possible to deny service to legitimate users through a trivial problem in the software package.
Due to insufficient handling of input by clients, it is possible to overflow a buffer in the server. Upon making a long HTTP GET request to a SlimServe server (approximately 80000 characters), an overflow in the buffer storing the GET request overwrites memory space, and corrupts the running program.
As a result, the daemon dies unexpectedly, producing an "invalid page fault." Normal operation of HTTP services will not continue until the program is restarted manually.
Affected Products:
- WhitSoft SlimServe HTTPd 1.1.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
