Vulnerability Description
Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf() without proper bounds checking, leading to a buffer overflow on the stack. This flaw allows remote attackers to execute arbitrary code with the privileges of the web server process. The vulnerability is triggered before authentication.
Related Weaknesses (CWE)
References
- http://ghostinthelab.wordpress.com/2012/07/19/simplewebserver-2-2-rc2-remote-buf
- http://www.pmx.it/software/sws.asp
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://www.exploit-db.com/exploits/19937
- https://www.exploit-db.com/exploits/20028
- https://www.vulncheck.com/advisories/simple-web-server-connection-header-buffer-
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://www.exploit-db.com/exploits/19937
- https://www.exploit-db.com/exploits/20028
FAQ
What is CVE-2012-10053?
CVE-2012-10053 is a documented vulnerability. Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the ser...
How severe is CVE-2012-10053?
CVSS scoring is not yet available for CVE-2012-10053. Check NVD for updates.
Is there a patch for CVE-2012-10053?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.