| VID |
22361 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its banner, the Sambar Server has a denial-of-service vulnerability in the '/search/results.stm' application. Sambar Server is a multi-threaded HTTP server with integrated FTP, Mail, and Proxy services. Sambar Server versions 3.x, 4.x, 5.x, and possibly version 6.0 are vulnerable to a denial-of-service attack caused by a buffer overflow in the '/search/results.stm' application. By sending a specially crafted request to the affected server, a remote attacker could cause the server to crash.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the result may be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2003-06/0177.html
* Platforms Affected: Sambar Technologies, Inc., Sambar Server 3.x; Sambar Technologies, Inc., Sambar Server 4.x; Sambar Technologies, Inc., Sambar Server 5.x; Sambar Technologies, Inc., Sambar Server 6.0; Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Sambar Server (6.2 or later), available from the Sambar Technologies Web site at http://www.sambar.com/ |
| Related URL |
(CVE) |
| Related URL |
7975 (SecurityFocus) |
| Related URL |
12402 (ISS) |
|