CVE
- Id
- 4493
- CVE No.
- CVE-2002-0099
- Status
- Candidate
- Description
- Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of . (dot) characters.
- Phase
- Modified (20020911-01)
- Votes
- ACCEPT(2) Frech, Green | NOOP(4) Cole, Foat, Wall, Ziese | REVIEWING(1) Christey
- Comments
- Christey> Should CVE-2002-0099 and/or CVE-2001-0433 be MERGED with | CVE-2000-0641? All describe slightly different overflows | that, perhaps, should be merged according to CD:SF-LOC. | It depends on which versions are affected, which would require | some vendor acknowledgement or consultation. | | A vague changelog for version 3.1 at | http://sourceforge.net/project/shownotes.php?release_id=75333 says | "security fixes" but it"s not clear *which* security fixes | were made. | | The description for CVE-2000-0641 is slightly incorrect. The | exploit is clearly due to a large number of headers, not | arguments to the GET request itself. So, CVE-2000-0641 | clearly overlaps with CVE-2001-0433. | | The exploit for CVE-2001-0433 also doesn"t really have | anything to do with a "cgi-test.pl" program (which isn"t in | the distribution). The discloser simply used that as an | example program of a long request. | Christey> Modify description so that overflow is described as being | part of the CGI module (so it appears). | | Also, Tamer Sahin confirmed via email (9/11/02) that the | problem was explicitly exhibited using a large number of | . (dot) characters.
