Pi3Web Error Message Path Disclosure

2001-02-15T13:17:11
ID OSVDB:4970
Type osvdb
Reporter Joe Testa (joetesta@hushmail.com)
Modified 2001-02-15T13:17:11

Description

Vulnerability Description

A remote overflow exists in the Pi3Web web server. Pi3Web's ISAPI handling does not perform bounds checks on user-supplied input. A direct request to the tstapi.dll ISAPI application that contains a large amount of padding will trigger a buffer overflow and possibly allow the execution of arbitrary code.

Solution Description

Upgrade to version 1.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in the Pi3Web web server. Pi3Web's ISAPI handling does not perform bounds checks on user-supplied input. A direct request to the tstapi.dll ISAPI application that contains a large amount of padding will trigger a buffer overflow and possibly allow the execution of arbitrary code.

References:

Vendor URL: http://pi3web.sourceforge.net/pi3web/
Related OSVDB ID: 514
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0005.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-03/0093.html
Keyword: Pi3Web
CVE-2001-0303
Bugtraq ID: 2381