|
 Pi3Web For
Windows Long Request Buffer Overflow Vulnerability
Type DoS, crashes Daemon Release Date January 14, 2002 Product / Vendor Pi3Web is a free, multithreaded, highly configurable and extensible HTTP server and development environment for cross platform internet server development and deployment. Summary Due to a buffer overflow vulnerability in John Roy Pi3Web web server, it is possbile for an attacker to cause the server to stop responding and possibly execute code. Problem is due to the CGI parameter's handling of unusually crafted requests. http://host/cgi-bin/hello.exe.....<224 char>...... The instruction at "0x77fcc1df" referenced memory at "0x009946c0". The memory could not be "read". Tested Windows 2000 / PiWeb v2.0 Vulnerable Pi3Web v2.0 (And may be other) Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author Tamer Sahin |
 |