Michael Lamont Savant Web Server 3.0 HTTP GET Request denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.2 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Michael Lamont Savant Web Server 3.0. This issue affects some unknown processing of the component HTTP GET Request Handler. This manipulation causes denial of service. There is not any exploit available. It is advisable to implement restrictive firewalling.
Details
A vulnerability has been found in Michael Lamont Savant Web Server 3.0 (Web Server) and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP GET Request Handler. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability.
The weakness was released 01/01/2001. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 10633 (Savant Web Server Multiple Percent Request Remote DoS), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Web Servers and running in the context r.
Proper firewalling of is able to address this issue.
The vulnerability is also documented in the databases at Tenable (10633), SecurityFocus (BID 2468†) and Vulnerability Center (SBV-1651†). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.3
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 10633
Nessus Name: Savant Web Server Multiple Percent Request Remote DoS
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: FirewallStatus: 🔍
0-Day Time: 🔍
Timeline
01/01/2001 🔍01/01/2001 🔍
03/09/2001 🔍
03/13/2001 🔍
08/11/2003 🔍
06/30/2016 🔍
08/25/2022 🔍
Sources
Status: Not definedGCVE (VulDB): GCVE-100-88411
SecurityFocus: 2468 - Michael Lamont Savant Web Server DoS Vulnerability
Vulnerability Center: 1651 - DoS in Savant Web Server via GET Request with \x27%\x27 Characters, High
Entry
Created: 07/01/2016 00:28Updated: 08/25/2022 14:59
Changes: 07/01/2016 00:28 (35), 02/14/2019 13:50 (17), 08/25/2022 14:59 (2)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.