New vulnerability added to the list of Shambala web server problems...
The Shambala web server can be crashed by sending the command "GET !"#?%&/()=?"
No real biggie (IMHO) since Shambala is mainly intended for home users... but still it can be annoying to see your server on your poor win box crashing and crashing again.
Platforms : Win 3.x / Win 95 / Win NT
This vulnerability is included in the securityspace db, ID10967
Similar DoS exploits were discovered before (in October 2000, and I think they are still not fixed, shame on the manufacturer):Title: Shambala web server DoS
Summary: Kills a Shambala web server
** It was possible to kill the web server by
** sending this request :
** GET !"#?%&/()=?
** Workaround : install a safer server or upgrade it
** Risk factor : Medium
technical description of the exploit:
can also be found at securiteam:
My solution... hmm run Apache