CVE-2007-1733
Published 2007-03-28
Priority P355 · critical · CVSS 2.0 score 10
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 10.75% (95.3th percentile)
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intervations | navicopa_web_server | — | — |
| intervations | navicopa_web_server | — | — |
Detection & IOCs (extracted from sources)
- EIP overwrite occurs at byte offset 270–274 in the overflow buffer; look for the ROP gadget address 0x1002c46f (push esp; retn) in HTTP request payloads.
- Bad characters filtered by the exploit are \x00\x26\x3d\x0a\x0d\x25\x2b\x2e\x3f; payloads in the wild will not contain these bytes, which can help tune detection signatures.
- The DoS variant (CVE-2007-2336) uses long HTTP requests containing '\A' characters; detect HTTP requests with repeated '\A' sequences targeting NaviCOPA.
- The ROP gadget address 0x1002c46f is fixed for all English and German Windows targets (XP, 2000, Vista); this address may differ on other locales or OS versions not listed.
- The EIP offset shifts by 4 bytes depending on the NaviCOPA installation path length (English offset 270, German offset 274); detection rules based on fixed offsets may miss non-English installs.
- The exploit targets NaviCOPA 2.01 released 6th October 2006 or earlier and is explicitly noted as a different vulnerability from BID 20250.
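A sketch of how the notes above could be combined into a request-line check, added here as an example and not taken from the page's sources or any published rule. The function name `classify_request`, the reuse of the lowest offset (270) as a length threshold, and the sample requests are assumptions; the gadget address and bad-byte list are the values quoted above. It searches for the address anywhere in the path instead of at a fixed offset, since the notes say fixed offsets miss non-English installs.

```python
import re

# Values below come from the detection notes on this page.
GADGET_LE = (0x1002C46F).to_bytes(4, "little")        # push esp; retn address, little-endian
BAD_BYTES = set(bytes.fromhex("00263d0a0d252b2e3f"))  # bytes the exploit avoids
MIN_SUSPECT_LEN = 270  # assumption: lowest EIP offset reused as a length threshold

CGI_GET = re.compile(rb"GET (/cgi-bin/|/cgi/)", re.IGNORECASE)
HTTP_VERSION = re.compile(rb" HTTP/\d\.\d$")


def classify_request(raw: bytes) -> str:
    """Return ignore, ok, long-path, suspicious or alert for one raw request."""
    request_line = raw.split(b"\r\n", 1)[0]
    match = CGI_GET.match(request_line)
    if match is None:
        return "ignore"  # not a GET for /cgi-bin/ or /cgi/
    tail = HTTP_VERSION.sub(b"", request_line[match.end():])
    if len(tail) < MIN_SUSPECT_LEN:
        return "ok"
    if GADGET_LE in tail:
        return "alert"  # overlong path carrying the fixed gadget address
    if not BAD_BYTES.intersection(tail):
        # Ordinary long CGI URLs contain '.', '?', '=', '&' or '%';
        # an overlong path with none of them matches the bad-byte note.
        return "suspicious"
    return "long-path"


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"GET /cgi-bin/search.pl?q=navicopa HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "long_query": b"GET /cgi/report.cgi?" + b"id=1&" * 80 + b" HTTP/1.1\r\n\r\n",
    "filler_only": b"GET /cgi/" + b"X" * 400 + b" HTTP/1.0\r\n\r\n",
    "with_gadget": b"GET /cgi-bin/" + b"X" * 300 + GADGET_LE + b"X" * 40 + b" HTTP/1.0\r\n\r\n",
    "other_path": b"GET /index.html HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {classify_request(raw)}")
```

The "long-path" verdict is kept separate so that legitimate long query strings can be reviewed without raising the same alert as a match on the gadget address.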
GHSA
GHSA-xwx8-pcpq-9jrq: Buffer overflow in InterVations NaviCOPA HTTP Server 2
ghsa_unreviewed · 2022-05-01 · CVSS 7.5
CVE-2007-1733 [HIGH]
GHSA
GHSA-hxx6-rmq4-pmj6: Unspecified vulnerability in InterVations NaviCOPA Web Server 2
ghsa_unreviewed · 2022-05-01 · CVSS 7.5
CVE-2007-2336 [HIGH]
Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing '\A' characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
- http://osvdb.org/34503
- http://secunia.com/advisories/24673
- http://securityreason.com/securityalert/2483
- http://www.securityfocus.com/archive/1/463931/100/0/threaded
- http://www.securityfocus.com/bid/23179
- http://www.skilltube.com/index.php?option=com_content&task=view&id=13&Itemid=37
- http://www.vupen.com/english/advisories/2007/1137
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33296
- https://www.exploit-db.com/exploits/3589