CVE-2019-17181
published 2019-10-28CVE-2019-17181: A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a…
PriorityP274critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
48.70%
98.7th percentile
A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intrasrv_project | intrasrv | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for abnormally large or malformed HTTP GET/HEAD requests targeting IntraSrv 1.0 web server instances, as the vulnerability is triggered by an oversized HTTP request string that overflows an insufficiently sized buffer via SEH overwrite. ↗
- →The exploit targets the HTTP request string boundary validation flaw in IntraSrv Simple Web Server 1.0; detect by alerting on HTTP GET/HEAD requests with unusually long URI or header fields sent to IntraSrv listener ports. ↗
- →Successful exploitation results in arbitrary remote code execution in the context of the IntraSrv application process; monitor for unexpected child processes or shellcode execution spawned from the IntraSrv process. ↗
- ·This is a SEH (Structured Exception Handler) buffer overflow, meaning detection rules should account for SEH-chain overwrite patterns in addition to standard stack overflow indicators. ↗
- ·The vulnerability affects only IntraSrv Simple Web Server version 1.0; detection and patching efforts should be scoped specifically to this version and not assumed to apply to other web servers. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2019-10-28
Published