Vendor: Enterprise Server
By: SecurityFocus
CVSS: 7.5 HIGH
Buffer Overflow
CWE: 119
Product Name: Enterprise Server
Affected Version From: Enterprise Server 3.6 SP2
Affected Version To: Enterprise Server 3.6 SP2
Patch Exists: YES
Related CWE: N/A
CPE: /a:enterprise_server:enterprise_server:3.6:sp2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001
Enterprise Server 3.6 SP2 with the SSL Handshake Patch applied is vulnerable to a buffer overflow
Enterprise Server 3.6 SP2 with the SSL Handshake Patch applied is vulnerable to a buffer overflow attack when a GET request is sent with an Accept header of 2000 bytes or more. This can allow attackers to launch denial-of-service attacks and to execute arbitrary commands on the webserver.
Mitigation:
Upgrade to Enterprise Server 3.6 SP3 or later.