Sambar Server cgitest.exe example script denial of service
| sambar-cgitest-dos (7894) |  Low Risk |
Description:
Sambar Server is vulnerable to a denial of service attack. A remote attacker can send several specially-crafted GET requests for the cgitest.exe example script appended with a long string of characters to the server to cause the server to crash. The server must be restarted to regain normal functionality.
Platforms Affected:
- Sambar, Sambar Server 5.1
Remedy:
Upgrade to the latest version of Sambar Server (5.1 production release or later), available from the Sambar Technologies Web site. See References.
Consequences:
Denial of Service
References:
- BugTraq Mailing List, Tue Jan 15 2002 - 17:57:17 CST, Sambar Webserver v5.1 DoS Vulnerability at http://archives.neohapsis.com/archives/bugtraq/2002-01/0188.html.
- Nessus plugin ID : 11131, Sambar web server DOS at http://cgi.nessus.org/plugins/dump.php3?id=11131.
- Sambar Technologies Web site, SAMBAR TECHNOLOGIES at http://www.sambar.com/.
- Sambar Technologies Web site, Sambar Server Security Alert at http://www.sambar.com/security.htm.
- BID-3885: Sambar Server Sample Script Denial Of Service Vulnerability
- CVE-2002-0128: cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
Reported:
Jan 16, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net