Published: 08/12/2009 Updated: 10/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and previous versions allows remote malicious users to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2007-4060.

Vulnerable Product	Search on Vulmon	Subscribe to Product
frank yaul corehttp 0.5.3.1

# bugtraq: seclistsorg/bugtraq/2009/Dec/99 # census ID: census-2009-0003 # URL: census-labscom/news/2009/12/02/corehttp-web-server/ # CVE ID: CVE-2009-3586 # Affected Products: CoreHTTP web server versions buffer, # 46: "%" PATHSIZE_S "[A-Za-z] %" PATHSIZE_S "s%*[ \t\n]", req, url); # # The buffers req and url are declared to be of ...

CoreHTTP web server versions 0531 and below denial of service off-by-one buffer overflow exploit ...

CWE-189 http://census-labs.com/news/2009/12/02/corehttp-web-server/http://census-labs.com/media/corex.txt http://www.securityfocus.com/archive/1/508272/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/10349/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-3586

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect