SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Savant (web server)
Vendors:   Lamont, Michael
Savant Web Server v3.0 Can Be Crashed Remotely With a Malformed Request
SecurityTracker Alert ID:  1001077
SecurityTracker URL:  http://securitytracker.com/id/1001077
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 13 2001
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): Savant 3.0
Description:   Xatrix.org reports that the Savant web server v3.0 by Michael Lamont is vulnerable to a denial of service condition that allows a remote user to crash the server.

Although an earlier similar problem with Savant was corrected, the server is still vulnerable to certain malformed requests. If a user with web access to the server sends a specially crafted request to the web server, it will crash. An example of a malformed request is:
www.web_server_that_runs_on_SAVANT.com/%%%

Impact:   A remote user can crash the server.
Solution:   No solution was available at the time of this entry.
Vendor URL:  savant.sourceforge.com
Cause:   Boundary error
Underlying OS:  Windows (95), Windows (98)

Message History:   None.


 Source Message Contents

Subject:  Savant 3.0 web server vulnerability


Vendor Name: Savant
Product: Savant 3.0 web server
Discovered by: Xatrix
Url: www.xatrix.org

1. About software

Savant web server has been written by Michael Lamont
(http://savant.sourceforge.com). It is a very configurable freeware
http daemon for win95/98. Its current version is 3.0.

2.  Full Detail

It is known that you can crash Savant web server 2.1 and 2.0 by sending
something like this '%00' (that was discovered by Ussr), and it was fixed
in version 3.0, but something like that is still present in 3.0; by sending
something like (e.g.)

    www.web_server_that_runs_on_SAVANT.com/%%%

the web server can be crashed.

3. Closing word

I hope that the vendor will provide a patch, or maybe release a new version of
the web server which will be immune to this type of DoS.
Hello goes to the Ussr team for discovering this problem a long time ago ...


"Stay informed, visit XatriX security"
  >> www.xatrix.org <<


 
 



Copyright 2019, SecurityGlobal.net LLC