Published: 31/12/2003 Updated: 05/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote malicious users to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.

Vulnerable Product	Search on Vulmon	Subscribe to Product
positive software h-sphere 2.3_rc3

/* source: wwwsecurityfocuscom/bid/6527/info A vulnerability has been discovered in H-Sphere Webshell During the pre-authentication phase Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters As a result, a malicious attacker may be able to trigger a buffer overrun Successful exploitation of this issu ...

source: wwwsecurityfocuscom/bid/6527/info A vulnerability has been discovered in H-Sphere Webshell During the pre-authentication phase Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters As a result, a malicious attacker may be able to trigger a buffer overrun Successful exploitation of this issue wou ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/305313 http://psoft.net/misc/webshell_patch.html http://www.iss.net/security_center/static/10999.php http://www.iss.net/security_center/static/11002.php http://www.iss.net/security_center/static/11003.php http://www.securityfocus.com/bid/6537 http://www.securityfocus.com/bid/6538 http://www.securityfocus.com/bid/6540 http://www.securityfocus.com/bid/6527 http://www.securitytracker.com/id?1005893 http://secunia.com/advisories/7832 https://nvd.nist.gov https://www.exploit-db.com/exploits/22129/

CVE-2003-1247

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect