TinyServer Multiple Vulnerabilities

Vulnerability ID: 1107655 Vulnerability type: Unknown
Published: 2004-01-24 Updated: 2005-10-20
CVE ID: CVE-2004-2117
CNNVD-ID: CNNVD-200401-060
Platform: Windows CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/23595
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200401-060
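|Vulnerability details
TinyServer version 1.1 is vulnerable. A remote attacker can cause a denial of service (crash) with malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version.
|Vulnerability exploit (EXP)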
source: http://www.securityfocus.com/bid/9485/info
 
TinyServer is prone to multiple vulnerabilities.
 
A directory traversal issue is present in TinyServer that could allow a remote user to view or download any file to which the server has access.
 
A denial of service issue exists due to the failure of the server to check input strings received. Attackers can crash the server by simply sending malformed HTTP GET requests. Sending an HTTP GET request with excessively long data can also cause the server to fail. It is not known if this issue may also result in code execution.
 
A cross-site scripting issue is also present in the server. This could allow for theft of cookie-based authentication credentials or other attacks. 

GET /index.htm

index.htm

GET /aaaaaa[ 260 of a ]aaa HTTP/1.1
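
A strict request-line check that answers each of the sample requests above with an error status instead of passing them to file handling, as an added example that is not code from the advisory or from TinyServer. The function name `check_request_line`, the length caps, and the allowed method and version sets are assumptions, and the inputs in `SAMPLES` are constructed from the requests shown above; the traversal check goes slightly beyond the listed samples to cover the directory traversal issue the advisory describes.

```python
import posixpath
from urllib.parse import unquote

MAX_LINE = 8192    # assumed cap on the whole request line
MAX_TARGET = 255   # assumed cap on the request target
METHODS = {"GET", "HEAD"}            # assumed: static file server only
VERSIONS = {"HTTP/1.0", "HTTP/1.1"}

def check_request_line(raw: bytes):
    """Return (status, detail); 200 means the line is safe to process further."""
    if len(raw) > MAX_LINE:
        return 414, "request line too long"
    try:
        line = raw.decode("ascii").rstrip("\r\n")
    except UnicodeDecodeError:
        return 400, "non-ASCII bytes in request line"
    parts = line.split(" ")
    if len(parts) != 3:              # missing method and/or HTTP version
        return 400, "expected METHOD SP TARGET SP VERSION"
    method, target, version = parts
    if method not in METHODS:
        return 501, "unsupported method"
    if version not in VERSIONS:
        return 400, "bad HTTP version"
    if not target.startswith("/"):
        return 400, "target must start with /"
    if len(target) > MAX_TARGET:     # bounded before any copy or file lookup
        return 414, "target too long"
    # Decode once, treat backslash as a separator (Windows), then refuse ".."
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    if "\x00" in path or ".." in path.split("/"):
        return 403, "path escapes document root"
    return 200, posixpath.normpath(path)

# Constructed inputs: the page's three samples, a traversal attempt, a valid request.
SAMPLES = [
    b"GET /index.htm\r\n",
    b"index.htm\r\n",
    b"GET /" + b"a" * 269 + b" HTTP/1.1\r\n",
    b"GET /..%2f..%2fsecret.txt HTTP/1.1\r\n",
    b"GET /index.htm HTTP/1.1\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_request_line(s), s[:40])
```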
|References

Source: XF
Name: tinyserver-string-dos(14928)
Link: http://xforce.iss.net/xforce/xfdb/14928
Source: BID
Name: 9485
Link: http://www.securityfocus.com/bid/9485
Source: www.autistici.org
Link: http://www.autistici.org/fdonato/advisory/tinyServer1.1%5B1.0.5%5D-adv.txt
Source: BUGTRAQ
Name: 20040124 TinyServer 1.1 (1.0.5) Multiple Vulnerabilities
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107496530806730&w=2
Source: OSVDB
Name: 3709
Link: http://www.osvdb.org/3709
Source: SECUNIA
Name: 10707
Link: http://secunia.com/advisories/10707
