Null HTTPd Server Content-Length HTTP Header Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is running Null HTTPd Server and is prone to heap based buffer overflow vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary code on the target system or cause the web server to crash. Impact Level: Application

Solution

Upgrade Null HTTPd Server to 0.5.1 or later, For updates refer to http://freecode.com/projects/nullhttpd

Insight

Improper way of handling of negative 'Content-Length' values in HTTP header field, leads to a buffer overflow. By sending an HTTP request with a negative value in the 'Content-Length' header field, a remote attacker could overflow a buffer and cause the server to crash or execute arbitrary code on the system.

Affected

Null HTTPd Server version 0.5.0 or prior

References

http://archives.neohapsis.com/archives/bugtraq/2002-09/0284.html
http://xforce.iss.net/xforce/xfdb/10160

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-1496
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Multiple Security Vulnerabilities
Zeus Web Server 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Vulnerability
Kolibri Remote Buffer Overflow Vulnerability
Null HTTPd Server Content-Length HTTP Header Buffer overflow Vulnerability
ModSecurity Multiple Remote Denial of Service Vulnerabilities

Take action and discover your vulnerabilities