-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sambar Webserver v5.1 DoS Vulnerability

Type: DoS, crashes Daemon

Release Date: December 16, 2002

Product / Vendor: Sambar Server is a multi-threaded HTTP server for
Microsoft Windows and Unix systems.

http://www.sambar.com

Summary: Sambar Webserver is bundled with a sample CGI script
(testcgi.exe) which creates a security flaw. The server crashes after
a very long request is sent to it a few times.

GET /cgi-win/cgitest.exe?AAAAA...(Ax4000)...AAAAA HTTP/1.1

Tested: Windows 2000 / Sambar Webserver 5.1

Vulnerable: Sambar Webserver 5.1 (and possibly others)

Disclaimer: http://www.securityoffice.net is not responsible for the
misuse or illegal use of any of the information and/or the software
listed on this security advisory.

Author: Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net

PGP Key ID: 0x2B5EDCB0
Fingerprint: B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPETB3LuLpFMrXtywEQJxoACgg8Qkb4oNBO0Mk0eUNsrZMqmNM6kAoORT
xqjMjk6Fv2K+UzKuoDtcx7Dz
=owpC
-----END PGP SIGNATURE-----
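
Added example (not part of the original advisory, nor code from its author or the vendor): a log check that flags clients sending repeated oversized query strings to scripts under /cgi-win/, the pattern the summary describes. It assumes the access log is in Common Log Format; the 1024-byte threshold, the repeat count of 2, and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: Common Log Format; adjust the pattern to the server's real log layout.
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}|-) '
)
CGI_PREFIX = "/cgi-win/"  # CGI directory named in the advisory's request line
MAX_QUERY = 1024          # assumed threshold, well below the ~4000 bytes reported
REPEAT = 2                # assumed; the advisory says the crash follows "a few" requests


def oversized_cgi_requests(lines, max_query=MAX_QUERY):
    """Yield (client, path, query_length) for each overlong CGI query string."""
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # malformed or truncated entry: skip rather than guess
        path, _, query = m["target"].partition("?")
        # Windows paths are case-insensitive, so compare in lower case.
        if path.lower().startswith(CGI_PREFIX) and len(query) > max_query:
            yield m["client"], path, len(query)


def repeat_offenders(lines, repeat=REPEAT):
    """Return {client: count} for clients with at least `repeat` oversized requests."""
    counts = Counter(client for client, _, _ in oversized_cgi_requests(lines))
    return {client: n for client, n in counts.items() if n >= repeat}


def entry(client, target, status="200"):
    """Build one constructed Common Log Format line for the sample below."""
    return f'{client} - - [16/Dec/2002:10:00:00 +0000] "GET {target} HTTP/1.1" {status} 512'


LONG = "A" * 4000
# Constructed sample log (documentation address ranges), not captured traffic.
SAMPLE = (
    [entry("192.0.2.10", "/cgi-win/cgitest.exe?name=test")]
    + [entry("198.51.100.7", "/cgi-win/cgitest.exe?" + LONG, "-")] * 3
    + [entry("192.0.2.33", "/CGI-WIN/cgitest.exe?" + LONG)]
    + [entry("192.0.2.44", "/search?q=" + LONG)]  # long, but not a CGI path
    + ['198.51.100.7 - - [16/Dec/2002:10:00:05 +0000] "GET /cgi-win/cgit']  # truncated
)

if __name__ == "__main__":
    for client, count in repeat_offenders(SAMPLE).items():
        print(f"{client}: {count} oversized /cgi-win/ requests")
```

Removing the bundled sample script from a production install takes away the exposed target entirely; the check above only surfaces attempts in existing logs.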