1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Ultra Mini HTTPD GET Request BO

Web Attack: Ultra Mini HTTPD GET Request BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a stack based buffer overflow in Ultra Mini HTTPD which may result in execution of arbitrary code.

Additional Information

Ultra Mini HTTPD is a HTTP server application.

The application is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling a specially crafted HTTP 'GET' request.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the server. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • Ultra Mini HTTPD 1.21 is vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube