header-logo
Suggest Exploit
vendor:
Savant Webserver
by:
SecurityFocus
7,5
CVSS
HIGH
Savant Webserver Null Character Denial of Service
20
CWE
Product Name: Savant Webserver
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: o:savant:savant_webserver
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2001

Savant Webserver Null Character Denial of Service

Savant Webserver is vulnerable to a denial of service attack when a null character is included in a GET request. When the null character is encountered, the webserver will crash and the failure is logged in the general.txt file.

Mitigation:

Upgrade to the latest version of Savant Webserver.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/897/info

The Savant Webserver cannot properly handle null characters in a GET request. If it encounters one, it will crash. The failure is logged in <savant_path>\Logs\general.txt 

http ://target/%00/

Navigation

Suggest Exploit

Services By CQR