PT-2002-1185 · Michael Lamont · Michael Lamont Savant Web Server

Published

2002-03-15

Updated

2016-10-18

CVE-2002-0099

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Michael Lamont Savant Web Server version 3.0

Description The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a long HTTP request to the "cgi-bin" directory. This request must contain a CGI program name with a large number of . (dot) characters.

Recommendations For Michael Lamont Savant Web Server version 3.0, consider restricting access to the cgi-bin directory or limiting the length of HTTP requests to prevent exploitation until a fix is available. As a temporary workaround, avoid using CGI program names with a large number of . characters in the cgi-bin directory.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0099

Affected Products

Michael Lamont Savant Web Server

PT-2002-1185 · Michael Lamont · Michael Lamont Savant Web Server

CVE-2002-0099

Related Identifiers

Affected Products

References · 5