PT-2011-4181 · Acme+2 · Simple Httpd+2

Nico Golde

Published

2011-08-05

Updated

2017-08-29

CVE-2011-2900

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mongoose version 3.0 yaSSL Embedded Web Server (yasslEWS) version 0.2 Simple HTTPD (shttpd) version 1.42

Description The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via an HTTP PUT request. This has been exploited in the wild in 2011.

Recommendations For Mongoose version 3.0, update to a version that fixes the put dir function issue. For yaSSL Embedded Web Server (yasslEWS) version 0.2, update to a version that fixes the put dir function issue. For Simple HTTPD (shttpd) version 1.42, update to a version that fixes the shttpd put dir function issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2011-2900

Affected Products

Mongoose

Simple Httpd

Yassl Embedded Web Server

PT-2011-4181 · Acme+2 · Simple Httpd+2

CVE-2011-2900

Weakness Enumeration

Related Identifiers

Affected Products

References · 14