Vulnerabilities > CVE-2009-3586 - Numeric Errors vulnerability in Frank Yaul Corehttp 0.5.3.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
frank-yaul
CWE-189
exploit available

Summary

Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2007-4060.

Vulnerable Configurations

Part Description Count
Application
Frank_Yaul
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionCoreHTTP web server off-by-one buffer overflow vulnerability. CVE-2009-3586. Dos exploit for linux platform
idEDB-ID:10349
last seen2016-02-01
modified2009-12-02
published2009-12-02
reporterPatroklos Argyroudis
sourcehttps://www.exploit-db.com/download/10349/
titleCoreHTTP Web server <= 0.5.3.1 - off-by-one Buffer Overflow Vulnerability

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83483/corex.py.txt
idPACKETSTORM:83483
last seen2016-12-05
published2009-12-07
reporterPatroklos Argyroudis
sourcehttps://packetstormsecurity.com/files/83483/CoreHTTP-0.5.3.1-Buffer-Overflow.html
titleCoreHTTP 0.5.3.1 Buffer Overflow

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:18437
last seen2017-11-19
modified2009-12-02
published2009-12-02
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-18437
titleCoreHTTP web server off-by-one buffer overflow vulnerability