Reported October 9, 2003 by Ziv Kamir.
Ritlabs TinyWeb 1.9
A Denial of Service (DoS) vulnerability exists in Ritlabs TinyWeb 1.9. By sending a specially formed HTTP GET request, an attacker can crash the server.
Verdana">The discoverer posted the following demonstration as proof of concept:</h3>
A remote user can issue an HTTP GET request for /cgi-bin/.%00./dddd.html and cause the server to consume large amounts of CPU time (88%-92%)
<span style="font-family:Verdana"><a href="http://www.ritlabs.com/" style="color: blue; text-decoration: underline; text-underline: single">Ritlabs</a> has been notified.</h3>
Discovered by Ziv Kamir.