CVE-2002-2295

Name of the Vulnerable Software and Affected Versions: Pico Server (pServ) versions 2.0 beta 1 through beta 5

Description: The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. This can be achieved through various means, including a 1024-byte TCP stream message that triggers an off-by-one buffer overflow, a long method name in an HTTP request, a long version number in an HTTP request, a long User-Agent header, or a long file path.

Recommendations: For Pico Server (pServ) versions 2.0 beta 1 through beta 5, consider disabling the HTTP request handling functionality until a patch is available to prevent potential code execution. Restrict access to the TCP stream message handling to minimize the risk of denial of service. Avoid using long method names, version numbers, User-Agent headers, or file paths in HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.