PT-2020-17210 · Unknown · Miniweb Http Server

Published: 2020-12-21 · Updated: 2020-12-23 · CVE-2020-29596

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

MiniWeb HTTP server version 0.8.19

Description

The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a POST request with a long name for the first parameter.

Recommendations

For MiniWeb HTTP server version 0.8.19, consider restricting the length of parameter names in POST requests to prevent daemon crashes until a patch is available. As a temporary workaround, monitor server logs for suspicious activity and restart the daemon as needed to minimize downtime.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2020-29596

Affected Products

Miniweb Http Server