Short Name |
HTTP:OVERFLOW:GAZTEK-HTTPD-OF |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
GazTek HTTP Daemon URL Buffer Overflow |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against the Gaztek HTTPD. Versions 1.4 and earlier are vulnerable. Attackers can send a maliciously crafted GET request in a long URL to the HTTP daemon to control server processes and execute arbitrary commands.
ghttpd is a freely available, open source web server for Unix systems. ghttpd supports CGI and is easy to configure and use. A buffer overflow is known to exist in ghttp which will allow arbitrary code to be executed with the privileges of the webserver. Proof-of-concept code has demonstrated that this vulnerability can be exploited by remote attackers.