It is also equipped with an anti-leeching system to automatically prevent other web sites from directly linking to your images or files.Ībyss Web Server supports the standard eXtended Server Side Includes directives to help you create dynamic HTML pages with the least effort and without requiring the use of a scripting language. In addition to its advanced URL decoding engine which rejects malicious and suspicious requests, it features an efficient anti-hacking system which detects at an early stage hacking attempts or denial of service attacks and bans dynamically their originating IP addresses. Security is the #1 priority in Abyss Web Server. The downtime in such a case won’t exceed 1 second! If it happens that the software causes a critical error and crashes (which is by the way very improbable), a report will be generated if possible and the server is automatically restarted. APX (which stands for Anti-crash Protection eXtension) was created, here at Aprelium, to make the server crash-proof. It is available in many languages such as English, French, Arabic, Chinese, and Spanish.Ībyss Web Server is based on the APX architecture. No need to edit configuration files, the console helps you setting the server parameters in an effortless manner and can be accessed from a local or a remote computer. It performs at least as well as the common web servers available on the market.Īn intuitive web management interface called the console makes the web server configuration as easy as browsing a web site. That’s why it can be used without problems even on small or out-dated systems. It supports secure SSL/TLS connections (HTTPS) as well as a wide range of Web technologies.Ĭompact, easy to use and fully compliant to standardsĪbyss Web Server is a compact web server available for Windows, MacOS X, Linux and FreeBSD operating systems.Ībyss Web Server does not require huge memory or excessive computing power to run. (dot dot) sequences in the HTTP request.It can also run advanced PHP, Perl, Python, ASP, ASP.NET, and Ruby on Rails Web applications which can be backed by databases such as MySQL, SQLite, MS SQL Server, MS Access, or Oracle.Ībyss Web Server enables you to host your Web sites on your computer. \ (dot-dot backslash) sequences in an HTTP GET request.Ībyss Web Server 1.0.3 allows remote attackers to list directory contents via an HTTP GET request that ends in a large number of / (slash) characters.Īprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the nf file, which allows local users with access to the file to gain privileges.ĭirectory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the nf file, via URL-encoded. The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl.ĭirectory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via. The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a " " character. Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.ĬRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header. Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields.
0 Comments
Leave a Reply. |