Security Advisory B005 - Jeuce Personal Webserver v2.13 GET Request Processing Lets Remote User Deny Service
==================

Release Date: May 2 2005

Impact: A remote user can make the Jeuce Personal Webserver crash, and thus deny service to other users.

Vendor URL: http://www.jeuce.com/

Vulnerable Versions: Tested on v2.13; previous versions are probably vulnerable as well.

Description:
Jeuce Personal Webserver is a small webserver that makes the sharing of personal files or the hosting of personal websites easy.
An unchecked buffer in Jeuce Personal Webserver allows a remote user to make the service crash, and thus deny service to other users.
Example: http://webserver/AAAAAAA...AAAA (with about 240 A's).

Solution/Status:
The vendor has been contacted multiple times at multiple e-mail addresses but never responded. No patch available.
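
Added example (not Jeuce's code and not part of the original advisory): the kind of length check the Description says is missing, written as a bounded request-line parser that rejects an over-long GET target instead of copying it. The function name parse_get_target, the 200-byte limit TARGET_MAX_LEN and the status-code return convention are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limit for this example; the advisory gives no buffer size. */
#define TARGET_MAX_LEN 200

/* Hypothetical bounded parser for "GET <target> HTTP/x.y" (not Jeuce's code).
 * Returns an HTTP status: 200 ok, 400 malformed, 414 target too long,
 * 501 method not handled. out is always NUL-terminated on return. */
int parse_get_target(const char *line, char *out, size_t outsz)
{
    const char *start;
    size_t len;

    if (out == NULL || outsz == 0)
        return 400;
    out[0] = '\0';
    if (line == NULL)
        return 400;
    if (strncmp(line, "GET ", 4) != 0)
        return 501;
    start = line + 4;
    if (*start != '/')
        return 400;

    /* Measure the target first: it ends at a space, CR, LF or end of input. */
    len = strcspn(start, " \r\n");

    /* Reject rather than truncate; a truncated path could name another file.
     * An unbounded strcpy or sscanf("%s") into a fixed array at this point is
     * a typical way an unchecked buffer like the one in the advisory arises. */
    if (len > TARGET_MAX_LEN || len >= outsz)
        return 414;

    memcpy(out, start, len);
    out[len] = '\0';
    return 200;
}

int main(void)
{
    char target[TARGET_MAX_LEN + 1];
    /* Constructed sample request line. */
    int status = parse_get_target("GET /index.html HTTP/1.0\r\n", target, sizeof target);
    printf("%d %s\n", status, target);
    return 0;
}
```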