header-logo
Suggest Exploit
vendor:
TinyServer
by:
SecurityFocus
7,5
CVSS
HIGH
Directory Traversal, Denial of Service, Cross-Site Scripting
22 (Path Traversal), 20 (Improper Input Validation), 79 (Cross-Site Scripting)
CWE
Product Name: TinyServer
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Multiple Vulnerabilities in TinyServer

TinyServer is prone to multiple vulnerabilities, including a directory traversal issue that could allow a remote user to view or download any file to which the server has access, a denial of service issue due to the failure of the server to check input strings received, and a cross-site scripting issue that could allow for theft of cookie-based authentication credentials or other attacks.

Mitigation:

Ensure that input is properly validated and sanitized, and that the server is configured to limit the length of input strings.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9485/info
 
TinyServer is prone to multiple vulnerabilities.
 
A directory traversal issue is present in TinyServer that could allow a remote user to view or download any file to which the server has access.
 
A denial of service issue exists due to the failure of the server to check input strings received. Attackers can crash the server by simply sending malformed HTTP GET requests. Sending an HTTP GET request with excessively long data can also cause the server to fail. It is not known if this issue may also result in code execution.
 
A cross-site scripting issue is also present in the server. This could allow for theft of cookie-based authentication credentials or other attacks. 

GET /index.htm

index.htm

GET /aaaaaa[ 260 of a ]aaa HTTP/1.1

Navigation

Suggest Exploit

Services By CQR