Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LibHTTPD POST远程缓冲区溢出漏洞
Vulnerability Description
LibHTTPD是一款用于嵌入设备的小型WEB服务程序。 LibHTTPD对超长POST请求处理不正确,远程攻击者可以利用这个漏洞对LibHTTPD服务程序进行缓冲区溢出攻击,以WEB进程在系统上执行任意指令。 检查libhttpd.a库中的'api.c'源代码,发现860行的httpdProcessRequest()函数对用户提交的输入缺少正确检查,提交超长POST请求可导致不经过充分边界检查而直接进行拷贝操作,发生缓冲区溢出,精心构建提交请求数据可能以WEB进程权限在系统上执行任意指令。
CVSS Information
N/A
Vulnerability Type
N/A