CVE-2002-0298

Name of the Vulnerable Software and Affected Versions ScriptEase MiniWeb Server version 0.95

Description The issue allows remote attackers to cause a denial of service, resulting in a crash, via certain HTTP GET requests. This can be achieved by sending requests with specific patterns, including (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3) a missing URI, or (4) several ../ in a URI that does not begin with a / (slash) character.

Recommendations For ScriptEase MiniWeb Server version 0.95, consider restricting or validating HTTP GET requests to prevent the denial of service, especially those containing suspicious patterns such as %2e%2e, /../ sequences, missing URIs, or ../ in URIs not starting with a /. At the moment, there is no information about a newer version that contains a fix for this vulnerability.