CVE-2001-0028
published 2001-02-12CVE-2001-0028: Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of…
PriorityP339critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
7.14%
93.5th percentile
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| igor_khasilev | oops_proxy_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Oops Proxy Server 1.4.22 - Remote Buffer Overflow (1)
exploitdb·2000-12-11
CVE-2001-0028 Oops Proxy Server 1.4.22 - Remote Buffer Overflow (1)
Oops Proxy Server 1.4.22 - Remote Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/2099/info
Oops is a freely available proxy server package, written by Igor Khasilev. A problem exists in the package which could allow for the arbitrary execution of code.
Multiple buffer overflows exist in this product. In one instance, it is possible to make a request with numerous quotation marks (") in the request, which are later translated to the html tag """. The translation of this character makes it possible to overflow and potentially execute code on the stack. This makes it possible for a malicious user to execute code with the privileges of the user the proxy server is operating as.
The secondary problem involves a buffer overflow in the DNS resolution code. It is possibl
Exploit-DB
Oops Proxy Server 1.4.22 - Remote Buffer Overflow (2)
exploitdb·2000-12-07
CVE-2001-0028 Oops Proxy Server 1.4.22 - Remote Buffer Overflow (2)
Oops Proxy Server 1.4.22 - Remote Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/2099/info
Oops is a freely available proxy server package, written by Igor Khasilev. A problem exists in the package which could allow for the arbitrary execution of code.
Multiple buffer overflows exist in this product. In one instance, it is possible to make a request with numerous quotation marks (") in the request, which are later translated to the html tag """. The translation of this character makes it possible to overflow and potentially execute code on the stack. This makes it possible for a malicious user to execute code with the privileges of the user the proxy server is operating as.
The secondary problem involves a buffer overflow in the DNS resolution code. It is possibl
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.htmlhttp://archives.neohapsis.com/archives/freebsd/2000-12/0418.htmlhttp://www.securityfocus.com/bid/2099https://exchange.xforce.ibmcloud.com/vulnerabilities/5725http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.htmlhttp://archives.neohapsis.com/archives/freebsd/2000-12/0418.htmlhttp://www.securityfocus.com/bid/2099https://exchange.xforce.ibmcloud.com/vulnerabilities/5725
2001-02-12
Published