Kolibri WebServer HTTP Request Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is running Kolibri WebServer and is prone to denial of service vulnerability.

Impact

Successful exploitation may allow remote attackers to cause the application to crash, creating a denial-of-service condition. Impact Level: Application

Solution

No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.senkas.com/kolibri/download.php

Insight

The flaw is due to an error when processing web requests and can be exploited to cause a stack-based buffer overflow via an overly long string passed in a HEAD or GET request.

Affected

Kolibri webserver version 2.0

Detection

Send a crafted exploit string via HTTP GET request and check whether it is able to crash or not.

References

http://packetstormsecurity.com/files/126332
http://secunia.com/advisories/43214
http://www.exploit-db.com/exploits/15834
http://www.exploit-db.com/exploits/33027
http://www.osvdb.org/70808

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-5301, CVE-2014-4158
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Audacity Buffer Overflow Vulnerability (Linux)
Adobe Reader Buffer Overflow Vulnerability Sep09 (Win)
Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities
Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win)
ALLMediaServer Request Handling Buffer Overflow Vulnerability

Take action and discover your vulnerabilities