Reported October 9, 2003 by Ziv Kamir.
Ritlabs TinyWeb 1.9
A Denial of Service (DoS) vulnerability exists in Ritlabs TinyWeb 1.9. By sending a specially formed HTTP GET request, an attacker can crash the server.
The discoverer posted the following demonstration as proof of concept:
A remote user can issue an HTTP GET request for /cgi-bin/.%00./dddd.html and cause the server to consume large amounts of CPU time (88%-92%).
Ritlabs has been notified.
Discovered by Ziv Kamir.
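A detection sketch for the request described above, added here as an example and not part of the original advisory: it scans Common Log Format access-log lines and flags request paths that decode to a NUL or other control byte. It generalizes beyond the single reported path by percent-decoding repeatedly; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_path(target, max_rounds=3):
    """Percent-decode the path repeatedly so nested encoding (%2500) is also seen."""
    path = target.split("?", 1)[0].encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(path)
        if decoded == path:
            break
        path = decoded
    return path

def check_target(target):
    """Return the reasons a request path looks malformed (empty list if clean)."""
    path = decode_path(target)
    reasons = []
    if b"\x00" in path:
        reasons.append("encoded NUL byte in path")
    if any(b < 0x20 and b != 0 for b in path):
        reasons.append("encoded control character in path")
    return reasons

def scan(lines):
    """Yield (client, target, reasons) for every flagged log line."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reasons = check_target(m.group("target"))
        if reasons:
            yield line.split(" ", 1)[0], m.group("target"), reasons

# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Oct/2003:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '198.51.100.7 - - [09/Oct/2003:10:00:05 +0000] "GET /cgi-bin/.%00./dddd.html HTTP/1.0" 404 0',
    '198.51.100.7 - - [09/Oct/2003:10:00:09 +0000] "GET /cgi-bin/.%2500./dddd.html HTTP/1.0" 404 0',
    '192.0.2.10 - - [09/Oct/2003:10:00:12 +0000] "GET /docs/a%20b.html HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for client, target, reasons in scan(SAMPLE_LOG):
        print(client, target, "; ".join(reasons))
```

The same check can run in a reverse proxy or request filter in front of the server to reject such paths before they reach it.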