| VID |
22324 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The relevant host is running a version of Sami HTTP Server which is older or equal to 1.0.5. Sami HTTP server is a small and simple yet functionable webserver for Microsoft Windows platforms. Sami HTTP Server versions 1.0.5 and other versions are vulnerable to the following vulnerabilities:
- A directory traversal vulnerability could allow a remote attacker to view files that are located outside of the web document directory.
- A NULL pointer dereference error when processing received data can be exploited to crash the web service.
* Note: This check solely relied on the banner of the remote Sami HTTP server to assess this vulnerability, so this might be a False Positive.
* References:
http://secunia.com/advisories/14283
http://www.securitytracker.com/alerts/2005/Feb/1013191.html
* Platforms Affected:
KarjaSoft, Sami HTTP Server 1.0.5 and earlier
Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of March 2005.
Upgrade to the new version of Sami HTTP Server, when new version fixed this problem becomes available from the KarjaSoft Web site at http://www.karja.com/ |
| Related URL |
CVE-2005-0450,CVE-2005-0451 (CVE) |
| Related URL |
12559 (SecurityFocus) |
| Related URL |
19338,19340 (ISS) |
|
