Sami HTTP Server 1.0.4 GET Request Remote Overflow

high Nessus Plugin ID 12073

Synopsis

Arbitrary code may be run on the remote web server.

Description

According to its banner, the remote web server is running Sami HTTP Server v1.0.4 or older. An attacker may be able to corrupt data such as the return address, and thereby control the execution flow of the program. This may result in denial of service or execution of arbitrary code.

Solution

Use another web server, since Sami HTTP is no longer maintained.

See Also

http://www.karjasoft.com/old.php

Plugin Details

Severity: High

ID: 12073

File Name: samihttp_1_0_4.nasl

Version: 1.17

Type: remote

Family: Web Servers

Published: 2/22/2004

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/13/2004

Reference Information

CVE: CVE-2004-0292

BID: 9679