Lucene search

K

RedhatCVELIST:CVE-2011-2900

HistoryAug 05, 2011 - 9:00 p.m.

CVE-2011-2900

2011-08-0521:00:00

redhat

www.cve.org

7.8 High

AI Score

Confidence

Low

0.47 Medium

EPSS

Percentile

97.5%

Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.

References

lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html

secunia.com/advisories/45464

secunia.com/advisories/45902

securityreason.com/securityalert/8337

www.openwall.com/lists/oss-security/2011/08/03/5

www.openwall.com/lists/oss-security/2011/08/03/9

www.securityfocus.com/bid/48980

code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0

exchange.xforce.ibmcloud.com/vulnerabilities/68991

7.8 High

AI Score

Confidence

Low

0.47 Medium

EPSS

Percentile

97.5%

Related for CVELIST:CVE-2011-2900

nessus3 prion1 packetstorm1 openvas7 nvd1 fedora3 exploitpack2 cve1 seebug1 exploitdb1