CVE-2001-1067
published 2001-08-31CVE-2001-1067: Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long…
PriorityP340critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
16.11%
96.5th percentile
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aol | aol_server | — | — |
| aol | aol_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
AOLServer 3 - 'Authentication String' Remote Buffer Overflow (2)
exploitdb·2001-09-05
CVE-2001-1067 AOLServer 3 - 'Authentication String' Remote Buffer Overflow (2)
AOLServer 3 - 'Authentication String' Remote Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/3230/info
AOLServer is a freely available, open source web server. It was originally written by AOL, and is currently developed and maintained by AOL and public domain.
A problem has been discovered that can allow remote users to crash an AOLServer, denying service to legitimate users of the system. The problem is due to the handling of passwords. It is possible for a remote user to overflow a buffer within the AOLServer process by sending a password of 2048 bytes. This could result in the overwriting of stack variables, including the return address.
This makes it possible for a remote user to execute arbitrary code with the privileges of the AOLServer process, and potenti
Exploit-DB
AOLServer 3 - 'Authentication String' Remote Buffer Overflow (1)
exploitdb·2001-08-22
CVE-2001-1067 AOLServer 3 - 'Authentication String' Remote Buffer Overflow (1)
AOLServer 3 - 'Authentication String' Remote Buffer Overflow (1)
---
source: https://www.securityfocus.com/bid/3230/info
AOLServer is a freely available, open source web server. It was originally written by AOL, and is currently developed and maintained by AOL and public domain.
A problem has been discovered that can allow remote users to crash an AOLServer, denying service to legitimate users of the system. The problem is due to the handling of passwords. It is possible for a remote user to overflow a buffer within the AOLServer process by sending a password of 2048 bytes. This could result in the overwriting of stack variables, including the return address.
This makes it possible for a remote user to execute arbitrary code with the privileges of the AOLServer process, and potentiall
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.htmlhttp://www.securityfocus.com/archive/1/213041http://www.securityfocus.com/bid/3230https://exchange.xforce.ibmcloud.com/vulnerabilities/7030http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.htmlhttp://www.securityfocus.com/archive/1/213041http://www.securityfocus.com/bid/3230https://exchange.xforce.ibmcloud.com/vulnerabilities/7030
2001-08-31
Published