Vulnerabilities > CVE-2006-5216 - Remote Buffer Overflow vulnerability in Sergey Lyubka Simple Httpd 1.34
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description SHTTPD. CVE-2006-5216. Remote exploit for win32 platform id EDB-ID:16759 last seen 2016-02-02 modified 2010-05-09 published 2010-05-09 reporter metasploit source https://www.exploit-db.com/download/16759/ title SHTTPD <= 1.34 URI-Encoded POST Request Overflow Win32 description SHTTPD 1.34 (POST) Remote Buffer Overflow Exploit. CVE-2006-5216. Remote exploit for windows platform file exploits/windows/remote/2482.pl id EDB-ID:2482 last seen 2016-01-31 modified 2006-10-05 platform windows port published 2006-10-05 reporter SkOd source https://www.exploit-db.com/download/2482/ title SHTTPD 1.34 POST Remote Buffer Overflow Exploit type remote
Metasploit
| description | This module exploits a stack buffer overflow in SHTTPD <= 1.34. The vulnerability is caused due to a boundary error within the handling of POST requests. Based on an original exploit by skOd but using a different method found by hdm. |
| id | MSF:EXPLOIT/WINDOWS/HTTP/SHTTPD_POST |
| last seen | 2020-02-29 |
| modified | 2017-07-24 |
| published | 2006-10-15 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/shttpd_post.rb |
| title | SHTTPD URI-Encoded POST Request Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83013/shttpd_post.rb.txt |
| id | PACKETSTORM:83013 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | H D Moore |
| source | https://packetstormsecurity.com/files/83013/SHTTPD-1.34-URI-Encoded-POST-Request-Overflow-win32.html |
| title | SHTTPD <= 1.34 URI-Encoded POST Request Overflow (win32) |
References
- http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txt
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050146.html
- http://secunia.com/advisories/22294
- http://securitytracker.com/id?1017088
- http://www.securityfocus.com/bid/20393
- http://www.vupen.com/english/advisories/2006/3939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29368
- https://www.exploit-db.com/exploits/2482