Sami HTTP Server 1.0.4 GET Request Remote Overflow

This script is Copyright (C) 2004-2011 Audun Larsen


Synopsis :

Arbitrary code may be run on the remote web server.

Description :

According to its banner, the remote web server is running Sami HTTP
Server v1.0.4 or older. An attacker may be able to corrupt data such
as the return address, and thereby control the execution flow of the
program. This may result in denial of service or execution of
arbitrary code.

See also :

http://www.karjasoft.com/old.php

Solution :

Use another web server since Sami HTTP is not maintained any more.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 12073

Bugtraq ID: 9679

CVE ID: CVE-2004-0292