CVE

Id
3251  
CVE No.
CVE-2001-0433  
Status
Candidate  
Description
Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header.  
Phase
Proposed (20010524)  
Votes
MODIFY(1) Frech | NOOP(3) Cole, Wall, Ziese | REVIEWING(1) Christey  
Comments
Frech> XF:savant-get-bo(4901) | Christey> Should CVE-2002-0099 and/or CVE-2001-0433 be MERGED with | CVE-2000-0641? All describe slightly different overflows | that, perhaps, should be merged according to CD:SF-LOC. | It depends on which versions are affected, which would require | some vendor acknowledgement or consultation. | | A vague changelog for version 3.1 at | http://sourceforge.net/project/shownotes.php?release_id=75333 says | "security fixes" but it"s not clear *which* security fixes | were made. | | The description for CVE-2000-0641 is slightly incorrect. The | exploit is clearly due to a large number of headers, not | arguments to the GET request itself. So, CVE-2000-0641 | clearly overlaps with CVE-2001-0433. | | The exploit for CVE-2001-0433 also doesn"t really have | anything to do with a "cgi-test.pl" program (which isn"t in | the distribution). The discloser simply used that as an | example program of a long request.  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
13721 3251 CVE-2001-0433 BUGTRAQ:20010405 Savant 3.0 Denial Of Service  View

Related JVN