Published: 31/12/2002 Updated: 05/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 up to and including 1.4.3 allows remote malicious users to execute arbitrary code via a long HTTP GET request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gaztek ghttpd 1.4.1
gaztek ghttpd 1.4.2
gaztek ghttpd 1.4.3
gaztek ghttpd 1.4

source: wwwsecurityfocuscom/bid/2879/info ghttpd is a freely available, open source web server for Unix systems ghttpd supports CGI and is easy to configure and use A buffer overflow is known to exist in ghttp which will allow arbitrary code to be executed with the privileges of the webserver Proof-of-concept code has demonstrated th ...

Practiced several system security exploits with C language in a specific Linux image, most of which aim to achieve root privileges or tamper with some data, breaking the integrity or/and the confidentiality of the system. Some general techniques applied to the vulnerable custom programs include stack overflow, integer overflow, format string tri…

System-Security-Exploit-Practice Practiced several system security exploits with C language in a specific Linux image Origin, most of which aim to achieve root privileges or tamper with some data, breaking the integrity or/and the confidentiality of the system Some general techniques applied to the vulnerable custom programs include buffer overflow, integer overflow, format

NVD-CWE-Other http://online.securityfocus.com/archive/1/295141 http://lynorics.sundawn.net/prog/ghttpd.html#versionen http://www.securityfocus.com/bid/5960 http://www.iss.net/security_center/static/10361.php https://nvd.nist.gov https://github.com/Hanc1999/System-Security-Exploit-Practice https://www.exploit-db.com/exploits/20929/

CVE-2002-1904

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect