vendor: Wserve HTTP Server
by: UniquE-Key
CVSS: 7.5 HIGH
Buffer Overflow - Denial of Service
CWE: 119
Product Name: Wserve HTTP Server
Affected Version From: 4.6
Affected Version To: 4.6
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow – Denial Of Service
This exploit targets Wserve HTTP Server version 4.6, which is vulnerable to a buffer overflow. The attacker sends a specially crafted HTTP request containing a long directory name, which overruns a buffer. The result is a denial of service: the program's internal state is corrupted and it cannot safely continue execution.
Mitigation:
The vendor should release a patch to fix this buffer overflow vulnerability. In the meantime, users are advised to use an alternative HTTP server software or implement network-level mitigations like firewalls to block potential attacks.
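One way to apply the network-level mitigation is to screen request lines in a proxy placed in front of the server and reject any with an over-long directory name. The following is an added example, not code from the advisory or the vendor; the limits `MAX_SEGMENT` and `MAX_TARGET`, the function names and the sample requests are assumptions, since the advisory does not state the length that triggers the overflow.

```python
# Pre-filter for a proxy or gateway in front of the affected server.
# Assumed limits: the advisory gives no overflow length, so tune these
# to the longest directory/file name the site legitimately serves.
MAX_SEGMENT = 128    # bytes allowed in one path segment
MAX_TARGET = 2048    # bytes allowed in the whole request target


def screen_request_line(line):
    """Return (allowed, reason) for one raw HTTP request line (bytes)."""
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return False, "malformed request line"
    target = parts[1]
    if len(target) > MAX_TARGET:
        return False, "request target too long"
    # Lengths are checked on the raw bytes: percent-decoding can only
    # shorten a segment, so the raw check is the conservative one.
    path = target.split(b"?", 1)[0]
    for segment in path.split(b"/"):
        if len(segment) > MAX_SEGMENT:
            return False, "path segment of %d bytes exceeds %d" % (
                len(segment), MAX_SEGMENT)
    return True, "ok"


def blocked_requests(lines):
    """Return (index, reason) for every request line that is rejected."""
    results = []
    for index, line in enumerate(lines):
        allowed, reason = screen_request_line(line)
        if not allowed:
            results.append((index, reason))
    return results


# Constructed sample input, not captured traffic.
SAMPLE_REQUESTS = [
    b"GET /index.html HTTP/1.0\r\n",
    b"GET /docs/img/logo.png?v=2 HTTP/1.1\r\n",
    b"GET /" + b"A" * 300 + b"/index.html HTTP/1.0\r\n",
    b"GET /" + b"/".join([b"d" * 100] * 30) + b" HTTP/1.0\r\n",
    b"GET /index.html\r\n",
]

if __name__ == "__main__":
    for index, reason in blocked_requests(SAMPLE_REQUESTS):
        print("request %d rejected: %s" % (index, reason))
```

Rejected requests should be answered by the proxy itself (for example with 414 URI Too Long) and logged, so they never reach the vulnerable server.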