Sami HTTP Server 1.0.4 GET Request Remote Overflow

High severity: Nessus Network Monitor Plugin ID 1160

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host appears to be running Sami HTTP Server v1.0.4 or older. A buffer overflow vulnerability has been reported in Sami HTTP Server v1.0.4. An attacker may be able to corrupt data such as the return address and thereby control the execution flow of the program. This may result in denial of service or execution of arbitrary code.

Solution

Use another web server, since Sami HTTP Server is no longer maintained.

See Also

http://www.karjasoft.com/old.php

Plugin Details

Severity: High

ID: 1160

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 12073

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:karjasoft:sami_http_server

Reference Information

CVE: CVE-2004-0292

BID: 9679