Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
BID:20910
Info
Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 20910 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2006 12:00AM |
| Updated: | Nov 14 2006 04:01PM |
| Credit: | CorryL is credited with the discovery of this vulnerability. |
| Vulnerable: |
Essen Essential Web Server 2.15 |
| Not Vulnerable: | |
Discussion
Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
Essentia Web Server is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the webserver. Failed exploit attempts will result in a denial-of-service condition.
This issue affects version 2.15; other versions may also be affected.
This issue may be related to the one described in BID 4159 (Essentia Web Server Long URL Buffer Overflow Vulnerability).
Essentia Web Server is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the webserver. Failed exploit attempts will result in a denial-of-service condition.
This issue affects version 2.15; other versions may also be affected.
This issue may be related to the one described in BID 4159 (Essentia Web Server Long URL Buffer Overflow Vulnerability).
Exploit / POC
Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
The following proof-of-concept exploit is available:
The following proof-of-concept exploit is available:
Solution / Fix
Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
References:
References:
- Vendor Home Page (Essen)