SeaNox DevWex Version 1.2002.0520 is a German language web server that runs as a standalone Win32 binary and as a Java application.
Two security issues exist in the DevWex web server. The first is a buffer overflow using a malformed GET request. An attacker can send the following malformed GET request to crash the web server:
GET 258383xA + Carriage Return/Line Feed (CRLF) + CRLF
The second security issue allows an attacker to access files outside the web root directory. This can include sensitive system information. A remote attacker can send the following malformed GET request to access any known file on the system:
An updated version is available.