[19573] in bugtraq
Savant 3.0 web server vulnerability
daemon@ATHENA.MIT.EDU (Phiber)
Fri Mar 9 14:01:23 2001
Message-ID: <001d01c0a825$4b721d40$ea82bfd5@phiber>
Date: Fri, 9 Mar 2001 00:12:44 +0100
Reply-To: Phiber <phiber@xatrix.org>
From: Phiber <phiber@xatrix.org>
To: BUGTRAQ@SECURITYFOCUS.COM
Vendor Name: Savant
Product: Savant 3.0 web server
Discovered by: Xatrix
Url: www.xatrix.org
1. About software
The Savant web server was written by Michael Lamont
(http://savant.sourceforge.com). It is a very configurable freeware
HTTP daemon for Win95/98. Its current version is 3.0.
2. Full Detail
It is known that you can crash Savant web server 2.1 and 2.0 by sending
something like this: '%00' (that was discovered by Ussr). It was fixed
in version 3.0, but something like that is still present in 3.0; by sending
something like (e.g.)
www.web_server_that_runs_on_SAVANT.com/%%%
the web server can be crashed.
3. Closing word
I hope that the vendor will provide a patch, or maybe release a new version
of the web server which will be immune to this type of DoS.
Hello goes to the Ussr team for discovering this problem a long time ago ...
"Stay informed, visit XatriX security"
>> www.xatrix.org <<
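
A strict percent-decoder that rejects both inputs named in this report (`%00` and `%%%`) instead of passing them on to path handling, as an added example that is not Savant's code and not part of the original post. It assumes the crash comes from how percent-escapes in the request path are handled, which the report does not state; `decode_request_path` and the `DEC_*` codes are hypothetical names.

```c
#include <stddef.h>

/* Hypothetical result codes for this added example. */
enum { DEC_OK = 0, DEC_BAD_ESCAPE = -1, DEC_NUL_BYTE = -2, DEC_TOO_LONG = -3 };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode percent-escapes from the NUL-terminated request path `in` into
 * `out` (capacity `out_cap`, terminator included). Malformed input is
 * rejected with an error code; nothing is guessed or skipped.
 */
int decode_request_path(const char *in, char *out, size_t out_cap)
{
    size_t o = 0;

    if (out_cap == 0) return DEC_TOO_LONG;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '%') {
            /* Test the digits one at a time: a truncated escape such as
             * "%" or "%4" stops at the terminator and is never read past. */
            int hi = hex_val((unsigned char)in[i + 1]);
            int lo = (hi < 0) ? -1 : hex_val((unsigned char)in[i + 2]);
            if (hi < 0 || lo < 0) return DEC_BAD_ESCAPE;  /* e.g. "/%%%" */
            c = (unsigned char)(hi * 16 + lo);
            if (c == 0) return DEC_NUL_BYTE;              /* e.g. "/%00" */
            i += 2;
        }
        if (o + 1 >= out_cap) return DEC_TOO_LONG;        /* keep room for NUL */
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return DEC_OK;
}
```

A server using a decoder like this would answer any non-`DEC_OK` result with an HTTP 400 response and log the raw request line.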