CVE - CVE-2001-0433

CVE-ID
CVE-2001-0433	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20010405 Savant 3.0 Denial Of Service URL:http://marc.info/?l=bugtraq&m=98655083231635&w=2
Assigning CNA
MITRE Corporation
Date Record Created
20010524	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20010524)
Votes (Legacy)
MODIFY(1) Frech NOOP(3) Cole, Wall, Ziese REVIEWING(1) Christey
Comments (Legacy)
Frech> XF:savant-get-bo(4901) Christey> Should CVE-2002-0099 and/or CVE-2001-0433 be MERGED with CVE-2000-0641? All describe slightly different overflows that, perhaps, should be merged according to CD:SF-LOC. It depends on which versions are affected, which would require some vendor acknowledgement or consultation. A vague changelog for version 3.1 at http://sourceforge.net/project/shownotes.php?release_id=75333 says "security fixes" but it's not clear which security fixes were made. The description for CVE-2000-0641 is slightly incorrect. The exploit is clearly due to a large number of headers, not arguments to the GET request itself. So, CVE-2000-0641 clearly overlaps with CVE-2001-0433. The exploit for CVE-2001-0433 also doesn't really have anything to do with a "cgi-test.pl" program (which isn't in the distribution). The discloser simply used that as an example program of a long request.
Proposed (Legacy)
20010524
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)