CVE-2019-19943 PoC — Pablo Quick’n Easy Web Server 资源管理错误漏洞

Source

https://github.com/5l1v3r1/CVE-2019-19943

Associated Vulnerability

Title:Pablo Quick’n Easy Web Server 资源管理错误漏洞 (CVE-2019-19943)
Description:Pablo Quick’n Easy Web Server是Pablo的一款Web服务器。 Pablo Quick’n Easy Web Server 3.3.8版本中的HTTP服务存在资源管理错误漏洞。远程攻击者可借助较大的‘host’或‘domain’参数利用该漏洞执行代码。

Description

Remote Unauthenticated Heap Memory Corruption in Quick N' Easy Web Server <= 3.3.8

Readme

# CVE-2019-19943
Remote Unauthenticated Heap Memory Corruption in Quick N' Easy Web Server &lt;= 3.3.8

This exploit is also available on Exploit-DB: [Quick N Easy Web Server 3.3.8 - Denial of Service (PoC)](https://www.exploit-db.com/exploits/48111)

## Before

![screenshot](/assets/before.PNG)

## After

![screenshot](/assets/after.PNG)

# Timeline

- December 13, 2019 - Discovered Issue
- December 14, 2019 - Contacted Mitre
- December 22, 2019 - CVE-2019-19943 assigned
- December 23, 2019 - Contacted Vendor (no response)
- January 18, 2020 - Contacted Vendor (no response)
- February 22, 2020 - Disclosed

File Snapshot


 [4.0K]  /data/pocs/cad125ef321bf7a868e7db6dbfb6834eb6d4eaab
├── [4.0K]  assets
│   ├── [3.7M]  after.PNG
│   └── [3.6M]  before.PNG
├── [3.1K]  quickwww_heap.py
└── [ 614]  README.md

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!