Описание
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
Ссылки
- Vendor Advisory
- Patch
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:shttpd:shttpd:1.42:*:*:*:*:*:*:*
cpe:2.3:a:valenok:mongoose:3.0:*:*:*:*:*:*:*
cpe:2.3:a:yassl:yasslews:0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.54478
Средний
7.5 High
CVSS2
Дефекты
CWE-119
Связанные уязвимости
github
больше 3 лет назад
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
EPSS
Процентиль: 98%
0.54478
Средний
7.5 High
CVSS2
Дефекты
CWE-119