Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-2900
Last Modified 22 Sep 2011 11:34:18
Published 05 Aug 2011 05:55:08
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2900

Summary

Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.

Vulnerable Systems

Application

  • Shttpd 1.42

  • Valenok Mongoose 3.0

  • Yasslews 0.2


References

CONFIRM - https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0

MLIST - [oss-security] 20110803 Re: CVE id request: shttpd/mongoose/yassl embedded webserver

MLIST - [oss-security] 20110803 CVE id request: shttpd/mongoose/yassl embedded webserver

XF - mongoose-put-bo(68991)

BID - 48980

SREASON - 8337

SECUNIA - 45902

SECUNIA - 45464

FEDORA - FEDORA-2011-11825

FEDORA - FEDORA-2011-11823

FEDORA - FEDORA-2011-11636


Last Updated: 27 May 2016 10:57:12