header-logo
Suggest Exploit
vendor:
Pi3Web Web Server
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Pi3Web Web Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Buffer Overflow Vulnerability in John Roy Pi3Web Web Server

A buffer overflow vulnerability has been reported in John Roy Pi3Web web server. The ISAPI application within the server fails to properly handle user supplied input. Requesting a specially crafted URL will cause the buffer to overflow and possibly allow the execution of arbitrary code. Pi3Web has also been known to disclose the physical path to the web root by requesting an invalid URL.

Mitigation:

Input validation should be used to ensure that user supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2381/info


A buffer overflow vulnerability has been reported in John Roy Pi3Web web server. The ISAPI application within the server fails to properly handle user supplied input. Requesting a specially crafted URL will cause the buffer to overflow and possibly allow the execution of arbitrary code.

Pi3Web has also been known to disclose the physical path to the web root by requesting an invalid URL. 

http://target/isapi/tstisapi.dll?[a lot of 'A's]

http://localhost/[any string which causes a 404 error]

Navigation

Suggest Exploit

Services By CQR