Lucene search

[email protected]CVE-2014-2994

HistoryApr 27, 2014 - 4:32 a.m.

CVE-2014-2994

2014-04-2704:32:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-2994

buffer overflow

acunetix

wvs

security vulnerability

remote code execution

8.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.87 High

EPSS

Percentile

98.6%

JSON

Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).

CPENameOperatorVersion
acunetix:web_vulnerability_scanneracunetix web vulnerability scannereq8

CPE	Name	Operator	Version
acunetix:web_vulnerability_scanner	acunetix web vulnerability scanner	eq	8

References

an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html

osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/

packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html

packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html

www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/

www.exploit-db.com/exploits/32997

www.youtube.com/watch?v=RHaMx8K1GeM

8.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.87 High

EPSS

Percentile

98.6%

JSON

Related for CVE-2014-2994

prion1 packetstorm1 seebug1 cvelist1 exploitpack1 zdt1 exploitdb1