although Xeneo (to my knowledge) isn't terribly popular i still thought you might want to know about it's latest vuln (at this point is not exploitable) -The DoS is only one GET request with 4,096 '?'s in it? go figure? maybe something to do with the QUERY_STRING correlation?Found a DoS vulnerability in Xeneo Web Server 2.2.9.0. Read more for the full advisory.
SP Research Labs Advisory x03
-----------------------------
www.security-protocols.com
Product - Xeneo Web Server 2.2.9.0
Download it here:
http://www.northernsolutions.com/ind...w=product&id=1
Date Released - 04/21/2003
Release Mode - Vendor was notified on 3/18/2003. Sent a few emails but
never got any replies. So here it goes.
Code:my $def = "?"; my $num = "4096";
Reply With Quote