Apache缓冲区溢出漏洞

Apache缓冲区溢出漏洞

漏洞ID 1105350 漏洞类型 缓冲区溢出
发布时间 1997-12-30 更新时间 1997-12-30
图片[1]-Apache缓冲区溢出漏洞-安全小百科CVE编号 CVE-1999-0107
图片[2]-Apache缓冲区溢出漏洞-安全小百科CNNVD-ID CNNVD-199712-015
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20558
https://www.securityfocus.com/bid/80193
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199712-015
|漏洞详情
Apache1.2.5版本及之前版本存在缓冲区溢出漏洞。远程攻击者导致带有大量包含/字符的GET请求的服务拒绝。
|漏洞EXP
source: http://www.securityfocus.com/bid/2216/info

Apache Web Server 1.2 and previous versions are subject to a denial of service. By requesting a malformed GET request composed of an unusually large number of '/' characters, an attacker can cause CPU usage to spike. A restart of the service is required to gain normal functionality. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20558.zip
|受影响的产品
Apache Apache 1.2.5

Apache Apache 1.1.1

Apache Apache 1.1

Apache Apache 1.0.5

Apache Apache 1.0.3

Apache Apache 1.0.2

Apache Apache 1.0

|参考资料
VulnerablesoftwareandversionsConfiguration1OR*cpe:/a:apache:http_server:0.8.11*cpe:/a:apache:http_server:0.8.14*cpe:/a:apache:http_server:1.0*cpe:/a:apache:http_server:1.0.2*cpe:/a:apache:http_server:1.0.3*cpe:/a:apache:http_server:1.0.5*cpe:/a:apache:http_server:1.1*cpe:/a:apache:http_server:1.1.1*cpe:/a:apache:http_server:1.2.5*DenotesVulnerableSoftware*ChangesrelatedtovulnerabilityconfigurationsTechnicalDetailsVulnerabilityType(ViewAll)CVEStandardVulnerabilityEntry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0107

相关推荐: Solaris Kodak Color Management System (KCMS)权限许可和访问控制漏洞

Solaris Kodak Color Management System (KCMS)权限许可和访问控制漏洞 漏洞ID 1207647 漏洞类型 未知 发布时间 1996-07-31 更新时间 1996-07-31 CVE编号 CVE-1999-0136 C…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享