April 23rd, 2003, 07:36 PM
new DoS for Xeneo WebServers
although Xeneo (to my knowledge) isn't terribly popular i still thought you might want to know about it's latest vuln (at this point is not exploitable) -
The DoS is only one GET request with 4,096 '?'s in it? go figure? maybe something to do with the QUERY_STRING correlation?
Found a DoS vulnerability in Xeneo Web Server 220.127.116.11. Read more for the full advisory.
SP Research Labs Advisory x03
Product - Xeneo Web Server 18.104.22.168
Download it here:
Date Released - 04/21/2003
Release Mode - Vendor was notified on 3/18/2003. Sent a few emails but
never got any replies. So here it goes.
my $def = "?";
my $num = "4096";
yeah, I\'m gonna need that by friday...