New vulnerability added to the list of Shambala web server problems...
The Shambala web server can be crashed by sending the command "GET !"#?%&/()=?"
No real biggie (IMHO) since Shambala is mainly intended for home users... but still it can be annoying to see your server on your poor win box crashing and crashing again.
Platforms : Win 3.x / Win 95 / Win NT
This vulnerability is included in the securityspace db, ID10967
Similar DoS exploits were discovered before (in October 2000, and I think they are still not fixed, shame on the manufacturer):
Title: Shambala web server DoS
ID: 10967
Category: Untested
URL: http://www.securityspace.com/smysecu....html?id=10967
Summary: Kills a Shambala web server
Description:
It was possible to kill the web server by sending this request:
GET !"#?%&/()=?
Workaround : install a safer server or upgrade it
Risk factor : Medium
technical description of the exploit:
http://security-archive.merton.ox.ac...0010/0130.html
can also be found at securiteam:
http://www.securiteam.com/windowsntf...M00P0K05Y.html
short description:
http://www.safermag.com/html/safer30/dos/09.html
My solution... hmm run Apache
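
Added example, not part of the original post: a strict request-line check of the kind a front-end filter or log review could apply, showing why the request quoted above is malformed. It assumes an origin server that only accepts origin-form targets (or `*`); the function name and sample lines are constructed for illustration.

```python
import re

# RFC 9110 "token" characters for the method.
_METHOD = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_VERSION = re.compile(r"^HTTP/\d\.\d$")
# Characters RFC 3986 allows in a path and query, plus '%' (checked separately).
_ALLOWED = re.compile(r"^[A-Za-z0-9\-._~!$&'()*+,;=:@/?%]*$")
# A '%' that does not introduce a two-digit hex escape.
_BAD_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")


def check_request_line(line):
    """Return the reasons a request line is malformed (empty list if it is fine)."""
    problems = []
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 3:
        problems.append("expected 'METHOD SP target SP HTTP-version'")
    method = parts[0]
    target = parts[1] if len(parts) > 1 else ""
    version = parts[2] if len(parts) > 2 else ""
    if not _METHOD.match(method):
        problems.append("method is not a valid token")
    if version and not _VERSION.match(version):
        problems.append("bad HTTP-version")
    if not (target.startswith("/") or target == "*"):
        problems.append("target is not origin-form (must start with '/')")
    if not _ALLOWED.match(target):
        problems.append("target contains characters not allowed in a URI")
    if _BAD_PERCENT.search(target):
        problems.append("'%' not followed by two hex digits")
    return problems


# Constructed sample input: two ordinary requests and the request from the post.
SAMPLES = [
    "GET /index.html HTTP/1.0",
    "GET /a%20b?x=1 HTTP/1.1",
    'GET !"#?%&/()=?',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        reasons = check_request_line(sample)
        print("REJECT" if reasons else "ok    ", repr(sample), reasons)
```

A server or proxy that refuses such a line with a 400 response before handing it to request parsing never reaches the code path that crashes.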