CVE-2019-17181
published 2019-10-28

Priority P274, critical, 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 48.70% (98.7th percentile)

A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system.

Affected

1 range
Vendor | Product | Version range | Fixed in
intrasrv_project | intrasrv | |

Detection & IOCs (extracted from sources)

version: IntraSrv 1.0 (2007-06-03)
command: HTTP GET or HEAD request (crafted, oversized)
  • Monitor for abnormally large or malformed HTTP GET/HEAD requests targeting IntraSrv 1.0 web server instances, as the vulnerability is triggered by an oversized HTTP request string that overflows an insufficiently sized buffer via SEH overwrite.
  • The exploit targets the HTTP request string boundary validation flaw in IntraSrv Simple Web Server 1.0; detect by alerting on HTTP GET/HEAD requests with unusually long URI or header fields sent to IntraSrv listener ports.
  • Successful exploitation results in arbitrary remote code execution in the context of the IntraSrv application process; monitor for unexpected child processes or shellcode execution spawned from the IntraSrv process.
  • This is a SEH (Structured Exception Handler) buffer overflow, meaning detection rules should account for SEH-chain overwrite patterns in addition to standard stack overflow indicators.
  • The vulnerability affects only IntraSrv Simple Web Server version 1.0; detection and patching efforts should be scoped specifically to this version and not assumed to apply to other web servers.
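
One way to implement the oversized-request check described in the notes above, as an added example that is not part of the original page or of any published rule: it inspects raw HTTP request heads and flags GET/HEAD requests whose request line or header lines are malformed or exceed a size limit. The limits, function names and sample requests are constructed assumptions; the page does not state the size at which the overflow occurs.

```python
# Added example: limits, names and sample requests are assumptions, not values
# from the advisory or from IntraSrv itself.
MAX_REQUEST_LINE = 2048   # assumed ceiling for "METHOD target HTTP/x.y"
MAX_HEADER_LINE = 4096    # assumed ceiling for any single header line
WATCHED_METHODS = {b"GET", b"HEAD"}  # the two methods the advisory names


def inspect_request(raw: bytes) -> list:
    """Return the reasons one raw HTTP request head looks anomalous."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line = lines[0]
    parts = request_line.split(b" ")
    if parts[0].upper() not in WATCHED_METHODS:
        return []
    reasons = []
    # Well-formed: exactly METHOD SP target SP HTTP-version.
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        reasons.append("malformed-request-line")
    if len(request_line) > MAX_REQUEST_LINE:
        reasons.append("oversized-request-line")
    # Bytes outside printable ASCII never belong in a request line.
    if any(b < 0x20 or b > 0x7E for b in request_line):
        reasons.append("non-printable-bytes")
    if any(len(h) > MAX_HEADER_LINE for h in lines[1:]):
        reasons.append("oversized-header")
    return reasons


# Constructed sample traffic: filler bytes only, hypothetical host name.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "long_get": b"GET /" + b"A" * 5000 + b" HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "long_head_no_version": b"HEAD /" + b"B" * 3000 + b"\r\n\r\n",
    "long_header": b"GET / HTTP/1.1\r\nHost: " + b"C" * 6000 + b"\r\n\r\n",
    "post_ignored": b"POST /" + b"D" * 5000 + b" HTTP/1.1\r\n\r\n",
}


def triage(samples: dict) -> dict:
    """Map each sample name to its list of findings."""
    return {name: inspect_request(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLES).items():
        print(f"{name:22} {'ALERT ' + ','.join(reasons) if reasons else 'ok'}")
```

Tune both limits against the longest legitimate requests your IntraSrv instances actually receive before alerting on them.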

CVSS provenance

nvd, v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd, v2.0: 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C