New vulnerability added to the list of Shambala web server problems...
The Shambala web server can be crashed by sending the command "GET !"#?%&/()=?"
No real biggie (IMHO) since Shambala is mainly intended for home users... but still it can be annoying to see your server on your poor win box crashing and crashing again.
Platforms : Win 3.x / Win 95 / Win NT

This vulnerability is included in the securityspace db, ID10967
Title: Shambala web server DoS
ID: 10967
Category: Untested
URL: http://www.securityspace.com/smysecu....html?id=10967
Summary: Kills a Shambala web server
Description:
It was possible to kill the web server by
sending this request :
GET !"#?%&/()=?

Workaround : install a safer server or upgrade it
Risk factor : Medium
Similar DoS exploits were discovered before (in October 2000, and I think they are still not fixed, shame on the manufacturer):
technical description of the exploit:
http://security-archive.merton.ox.ac...0010/0130.html
can also be found at securiteam:
http://www.securiteam.com/windowsntf...M00P0K05Y.html
short description:
http://www.safermag.com/html/safer30/dos/09.html

My solution... hmm run Apache