PT-2002-1108 · Crazywwwboard · Crazywwwboard
Published
2002-01-30
·
Updated
2017-07-11
·
CVE-2001-1457
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
CrazyWWWBoard versions 2000p4 and 2000LEp5
Description
The issue allows remote attackers to execute arbitrary code via a long
HTTP USER AGENT CGI environment variable. This is a result of a buffer overflow.Recommendations
For CrazyWWWBoard version 2000p4, update or patch the software to fix the buffer overflow issue.
For CrazyWWWBoard version 2000LEp5, update or patch the software to fix the buffer overflow issue.
As a temporary workaround, consider restricting the length of the
HTTP USER AGENT variable to prevent exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Crazywwwboard