Wserve HTTP Server GET Request Buffer Overflow Vulnerability
BID:23341
Info
| Bugtraq ID: | 23341 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2007 12:00AM |
| Updated: | Apr 05 2007 10:02PM |
| Credit: | UniquE-Key is credited with the discovery of this issue. |
| Vulnerable: | Wserve Wserve 4.6 |
| Not Vulnerable: | |
Discussion
Wserve HTTP Server is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
Attackers can exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with the privileges of the application.
Wserve HTTP Server 4.6 is vulnerable; prior versions may also be affected.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
An example GET request causing a denial of service has been provided:
GET / HTTP/1.0\r\n /www.example.com:80/AAAAAA[2000].
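A length check of the kind the discussion says is missing, run over a constructed request shaped like the one above. This is an added example, not Wserve's code (its source and buffer sizes are not on this page); `LINE_CAP`, `next_line`, `check_request` and `make_sample` are hypothetical names and values.

```c
#include <stdio.h>
#include <string.h>

#define LINE_CAP 512 /* assumed limit; Wserve's real buffer size is not on the page */
enum req_status { REQ_OK, REQ_LINE_TOO_LONG, REQ_INCOMPLETE };

/* Copy the next LF/CRLF-terminated line into out. The length is checked
 * before the copy, so an over-long line is rejected, not written past out. */
static enum req_status next_line(const char *req, size_t len, size_t *pos,
                                 char *out, size_t out_sz)
{
    const char *start = req + *pos;
    size_t left = len - *pos;
    const char *nl = memchr(start, '\n', left);
    if (nl == NULL) /* no terminator yet: stop buffering once the cap is hit */
        return left >= out_sz ? REQ_LINE_TOO_LONG : REQ_INCOMPLETE;
    size_t n = (size_t)(nl - start);
    *pos += n + 1;
    if (n > 0 && start[n - 1] == '\r')
        n--;
    if (n >= out_sz)
        return REQ_LINE_TOO_LONG;
    memcpy(out, start, n);
    out[n] = '\0';
    return REQ_OK;
}

/* Check the request line and each header line up to the blank line. */
enum req_status check_request(const char *req, size_t len)
{
    char line[LINE_CAP];
    size_t pos = 0;
    for (;;) {
        enum req_status st = next_line(req, len, &pos, line, sizeof line);
        if (st != REQ_OK || line[0] == '\0')
            return st;
    }
}

/* Constructed sample shaped like the advisory's request; 0 if it won't fit. */
size_t make_sample(char *buf, size_t cap, size_t fill)
{
    int head = snprintf(buf, cap, "GET / HTTP/1.0\r\n /www.example.com:80/");
    if ((size_t)head + fill + 4 > cap)
        return 0;
    memset(buf + head, 'A', fill);
    memcpy(buf + head + fill, "\r\n\r\n", 4);
    return (size_t)head + fill + 4;
}
```

A server that gets `REQ_LINE_TOO_LONG` can close the connection or answer with an error status instead of copying the line.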
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].