header-logo
Suggest Exploit
vendor:
Sphiro HTTPD
by:
7.5
CVSS
HIGH
Heap Based Buffer Overflow
120
CWE
Product Name: Sphiro HTTPD
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Remote Heap Based Buffer Overflow in Sphiro HTTPD

Sphiro HTTPD is prone to a remote heap based buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer boundaries before storing input in fixed buffers. Immediate consequences of this attack may cause the affected daemon to crash, denying service to legitimate users. Furthermore, due to the nature this issue, arbitrary code execution may be possible. This would occur in the context running daemon process.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10249/info

It has been reported that Sphiro HTTPD is prone to a remote heap based buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer boundaries before storing input in fixed buffers.

Immediate consequences of this attack may cause the affected daemon to crash, denying service to legitimate users. Furthermore, due to the nature this issue, arbitrary code execution may be possible. This would occur in the context running daemon process.

perl -e 'print "GET HTTP/1.1" . "A"x1000 . "\n\n"' |nc www.example.com 80