CVE-2002-0289
Published 2002-05-31
CVE-2002-0289: Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
Priority: P4 | 29 | medium | CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 13.00% (95.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bbshareware.com | phusion_webserver | — | — |
No detection rules found.
Exploit-DB
Phusion WebServer 1.0 - Long URL Denial of Service
exploitdb·2002-02-16
CVE-2002-0289 Phusion WebServer 1.0 - Long URL Denial of Service
---
source: https://www.securityfocus.com/bid/4118/info
Phusion Webserver is a commercial HTTP server that runs on Microsoft Windows 9x/NT/2000 operating systems.
It is possible for a remote attacker to deny service to legitimate users of the service by submitting an excessively long web request (approximately 3000+ bytes).
It should be noted that this issue is due to a remotely exploitable buffer overflow condition.
#!/usr/bin/perl
#
# Simple script to send a long 'A^s' command to the server,
# resulting in the server crashing.
#
# Phusion Webserver v1.0 proof-of-concept exploit.
# By Alex Hernandez (C)2002.
#
# Thanks all the people from Spain and Argentina.
# Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins,
# G.Maggiotti
Exploit-DB
Phusion WebServer 1.0 - 'URL' Remote Buffer Overflow
exploitdb·2002-02-16
CVE-2002-0289 Phusion WebServer 1.0 - 'URL' Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/4119/info
Phusion Webserver is a commercial HTTP server that runs on Microsoft Windows 9x/NT/2000 operating systems.
Phusion Webserver does not perform sufficient bounds checking of externally supplied data. As a result, it is possible for a remote attacker to submit an excessively long web request which may cause stack variables to be overwritten with attacker-supplied instructions.
As webservers normally run with SYSTEM privileges on Microsoft Windows operating systems, this may result in a full compromise of a host running the vulnerable software.
It should be noted that this unchecked buffer may also be exploited to cause a denial of service condition.
/** Phusion-Overun.c
** -R
No writeups or analysis indexed.