Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| savant | savant_web_server | * |
Savant Webserver 3.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request with a negative Content-Length value.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| savant | savant_webserver | 3.1 |
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| savant | savant_webserver | * |
cgitest.exe in Savant Web Server 3.1 and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| savant | savant_webserver | 3.1 |
Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| savant | savant_webserver | 3.1 |
Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| savant | savant_webserver | 3.1 |