Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2001-0700

Published: 20/09/2001 Updated: 10/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to W3m

Vulnerability Summary

Buffer overflow in w3m 0.2.1 and previous versions allows a remote malicious user to execute arbitrary code via a long base64 encoded MIME header.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

w3m w3m 0.1.8

w3m w3m 0.1.9

w3m w3m 0.1.10

w3m w3m 0.2

w3m w3m

w3m w3m 0.1.3

w3m w3m 0.1.4

w3m w3m 0.1.6

w3m w3m 0.1.7

Vendor Advisories

Debian Security Advisories: DSA-064-1 w3m -- buffer overflow
SecureNet Service reported that w3m (a console web browser) has a buffer overflow in its MIME header parsing code This could be exploited by an attacker if by making a web-server a user visits return carefully crafted MIME headers This has been fixed in version 0110+0111pre+kokb23-4, and we recommend that you upgrade your w3m package ...
Debian Security Advisories: DSA-081-1 w3m -- Buffer Overflow
In SNS Advisory No 32 a buffer overflow vulnerability has been reported in the routine which parses MIME headers that are returned from web servers A malicious web server administrator could exploit this and let the client web browser execute arbitrary code w3m handles MIME headers included in the request/response message of HTTP communication l ...

Exploits

Exploit DB: W3M 0.1/0.2 - Malformed MIME Header Buffer Overflow
source: wwwsecurityfocuscom/bid/2895/info W3M is a pager/text-based WWW browser similiar to lynx A buffer overflow vulnerability exists in the 'w3m' client program The overflow occurs when a base64-encoded string exceeding approximately 32 characters in length is received in a MIME header field As a result, it may be possible for a ma ...

References

NVD-CWE-Otherhttp://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.htmlhttp://www.securityfocus.com/bid/2895http://www.securityfocus.com/archive/1/192371http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000434http://www.debian.org/security/2001/dsa-064http://www.debian.org/security/2001/dsa-081https://exchange.xforce.ibmcloud.com/vulnerabilities/6725https://nvd.nist.govhttps://www.debian.org/security/./dsa-064https://www.exploit-db.com/exploits/20941/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook