AnalogX SimpleServer:WWW GET缓冲器溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105670 漏洞类型 缓冲区溢出
发布时间 1999-12-31 更新时间 2006-08-24
CVE编号 CVE-2000-0011 CNNVD-ID CNNVD-199912-135
漏洞平台 Windows CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/19703
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-135
|漏洞详情
AnalogXSimpleServer:WWWGET服务器存在缓冲器溢出漏洞。远程攻击者可以通过一条长的GET请求执行指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/906/info

The SimpleServer:WWW personal webserver package from AnalogX can be compromised due to an overflowable buffer. If a GET request longer than 1000 bytes is received, the software will crash and data from the request gets pased to the EIP, meaning that an exploit could be created to run arbitrary code.

DoS attack:
GET [1000 bytes] HTTP/1.1
|参考资料

来源:www.analogx.com
链接:http://www.analogx.com/contents/download/network/sswww.htm
来源:BID
名称:906
链接:http://www.securityfocus.com/bid/906
来源:OSVDB
名称:1184
链接:http://www.osvdb.org/1184