Computer Security
[EN] securityvulns.ru no-pyccku


Monkey HTTPD security vulnerabilities
Published:04.06.2013
Source:
SecurityVulns ID:13107
Type:remote
Threat Level:
5/10
Description:Crash on NULL byte in request. Buffer overflow on oversized header.
Affected:MONKEYPROJECT : Monkey HTTPD 1.1
CVE:CVE-2013-3843 (Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.)
 CVE-2013-3724 (The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.)
Original documentdocumentdougtko_(at)_gmail.com, CVE-2013-3843 Monkey HTTPD 1.2.0 - Buffer Overflow DoS Vulnerability With Possible Arbitrary Code Execution (04.06.2013)
 documentdougtko_(at)_gmail.com, Monkey HTTPD 1.1.1 - Denial of Service Vulnerability (04.06.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod