| Sambar Server
Sample Script Denial Of Service Vulnerability
Type DoS, crashes Daemon Release Date January 16, 2002 Product / Vendor Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. Summary It is possible to cause a denial of service to Sambar Server by sending consecutive excessively long requests to the 'cgitest.exe' sample script. The possibility exists that this issue may be the result of improper bounds checking. As a result, this vulnerability may potentially be used to execute arbitrary code on the host running the vulnerable software. GET /cgi-win/cgitest.exe?AAAAA...(Ax4000)...AAAAA HTTP/1.1 Tested Windows 2000 / Sambar Webserver 5.1 Vulnerable Sambar Webserver 5.1 (And may be other) Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author Tamer Sahin |