Home page logo

bugtraq logo Bugtraq mailing list archives

NSCA HTTPD (for Windows) bug.
From: renosm () YAHOO COM (Renos)
Date: Fri, 8 May 1998 01:33:26 -0700

Well, it seems that I found a bug in NCSA's httpd v1.4 (for Windows).
The bug can cause the server to crash. The problem seems to be that
the server has MAX_STRING_LEN defined to 256 characters. So, when a
client's request is larger than 256 characters the server crases.
I tested it on a PC running Windows 3.11, wich I believe are more
stable than Win95, with W32s driver. I TELNETed into the server on
port 80 (using as the IP address). Then using the 'GET'
command I insert more than 256 characters. The server crashed showing
a message asking the user to terminate the program. I haven't try it
yet on other PC, but the problem it's the MAX_STRING_LEN, so it
doesn't make any differents.
The server crashes showing no messages to the clients screen. In the
Access Log files the client's request seems like a normal request nad
Ididn't found anything on Error Log file.I even tested with a Web
Browser calling a file with more than 256 characters and I had the
same results.
Since the server is not for commercial use the bug doesn't seem to be
serious. A fix would be to re-define MAX_STRING_LEN to a much bigger
number. As far as I know the Server Administrator cannot re-define

Get your free @yahoo.com address at http://mail.yahoo.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]