[23859] in bugtraq
Sambar Webserver v5.1 DoS Vulnerability
daemon@ATHENA.MIT.EDU (Tamer Sahin)
Tue Jan 15 20:21:36 2002
Message-ID: <001b01c19e20$5e79b0a0$898883d9@ts>
Reply-To: "Tamer Sahin" <ts@securityoffice.net>
From: "Tamer Sahin" <ts@securityoffice.net>
To: <bugtraq@securityfocus.com>
Date: Wed, 16 Jan 2002 01:57:17 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sambar Webserver v5.1 DoS Vulnerability
Type:
DoS, crashes Daemon
Release Date:
December 16, 2002
Product / Vendor:
Sambar Server is a multi-threaded HTTP server for Microsoft Windows
and Unix systems.
http://www.sambar.com
Summary:
Sambar Webserver is bundled with a sample cgi script (testcgi.exe)
which create security flaw. Server crashes after sending very long
request a few times.
GET /cgi-win/cgitest.exe?AAAAA...(Ax4000)...AAAAA HTTP/1.1
Tested:
Windows 2000 / Sambar Webserver 5.1
Vulnerable:
Sambar Webserver 5.1 (And may be other)
Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.
Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPETB3LuLpFMrXtywEQJxoACgg8Qkb4oNBO0Mk0eUNsrZMqmNM6kAoORT
xqjMjk6Fv2K+UzKuoDtcx7Dz
=owpC
-----END PGP SIGNATURE-----
