Mongoose Web Server Remote Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is running Mongoose Web Server and is prone to remote buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Impact Level: System/Application

Solution

Apply the patch from below link, https://code.google.com/p/mongoose/source/detail?r=025b11b1767a311b0434a385f5115463f6293ce9

Insight

The flaw is due to an error in the 'put_dir()' function (mongoose.c) when processing HTTP PUT web requests. This can be exploited to cause an assertion error or a stack-based buffer overflow.

Affected

Mongoose Web Server version 3.0

References

http://secunia.com/advisories/45464
http://www.openwall.com/lists/oss-security/2011/08/03/5
http://xforce.iss.net/xforce/xfdb/68991

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2900
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Lighttpd Multiple vulnerabilities
Zeus Web Server 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Vulnerability
ModSecurity Multiple Remote Denial of Service Vulnerabilities
EasyPHP Webserver Multiple Vulnerabilities
JBoss Application Server Multiple Vulnerabilities

Take action and discover your vulnerabilities