Short Name |
HTTP:OVERFLOW:NULLHTTPD-ROOT-OF |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Null httpd Remote Root Buffer Overflow |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Null HTTPD. Attackers can remotely send shellcode in a maliciously crafted POST command to gain local access.
A heap corruption vulnerability has been discovered in Null httpd. By passing a small content length value to the server and triggering the server to make a second recv() of POST data, it is possible to overrun a buffer. An attacker may exploit this condition to overwrite arbitrary words in memory through the free() function. This may allow for the execution of arbitrary code. It should be noted that this vulnerability is similar to the issue described in BID 5774, but requires a slightly different method to trigger.