Results 1 to 2 of 2

Thread: Shambala Web Server DoS

  1. #1
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542

    Shambala Web Server DoS

    New vulnerability added to the list of Shambala web server problems...
    The Shambala web server can be crashed by sending the command "GET !"#?%&/()=?"
    No real biggie (IMHO) since Shambala is mainly intended for home users... but still it can be annoying to see your server on your poor win box crashing and crashing again.
    Platforms : Win 3.x / Win 95 / Win NT

    This vulnerability is included in the securityspace db, ID10967
    Title: Shambala web server DoS
    ID: 10967
    Category: Untested
    URL: http://www.securityspace.com/smysecu....html?id=10967
    Summary: Kills a Shambala web server
    Description:
    It was possible to kill the web server by
    sending this request :
    GET !"#?%&/()=?

    Workaround : install a safer server or upgrade it
    Risk factor : Medium
    Similar DoS exploits were discovered before (in October 2000, and I think they are still not fixed, shame on the manufacturer):
    technical description of the exploit:
    http://security-archive.merton.ox.ac...0010/0130.html
    can also be found at securiteam:
    http://www.securiteam.com/windowsntf...M00P0K05Y.html
    short description:
    http://www.safermag.com/html/safer30/dos/09.html

    My solution... hmm run Apache

  2. #2
    Junior Member
    Join Date
    Jun 2002
    Posts
    10
    What kind of an idiot would run an "important" website on a win box?
    Use linux you\'ll love it in the end!
    http://exeleven.cjb.net http://msproblem.cjb.net

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •