| Field | Value |
|---|---|
| VID | 12004 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The Sambar web server is vulnerable to a denial of service attack. Sambar Server is a multi-threaded HTTP, FTP and Proxy server for Windows environments. Sambar web server is bundled with the 'cgitest.exe' sample script in the '/cgi-win' directory, which creates a security flaw. This sample script allows a remote attacker to cause a denial of service and crash the server by sending, a few times, a request with a long string of characters appended, as follows: `GET /cgi-win/cgitest.exe?AAAAA...(Ax4000)...AAAAA HTTP/1.1` Moreover, this vulnerability may potentially be used to execute arbitrary code on the server. Note: the server must be restarted to regain normal functionality. Platforms Affected: all versions of the Sambar server prior to the 5.1 Beta 4 release. References: http://online.securityfocus.com/bid/3885 and http://www.iss.net/security_center/static/7894.php |
| Recommendation | Remove or rename the 'cgitest.exe' sample script from the '/cgi-win' directory, OR upgrade to the latest version of Sambar Server (v5.2 or later), available from the Sambar Technologies Web site: http://www.sambar.com |
| Related URL | CVE-2002-0128 (CVE) |
| Related URL | http://online.securityfocus.com/bid/3885 (SecurityFocus) |
| Related URL | http://www.iss.net/security_center/static/7894.php (ISS) |