
CVSS: 7.5 • EPSS: 13% • CPEs: 1 • EXPL: 2

MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.
• https://packetstormsecurity.com/files/160470/MiniWeb-HTTP-Server-0.8.19-Buffer-Overflow.html
• https://securityforeveryone.com/blog/miniweb-http-server-vulnerability-0-day-cve-2020-29596
• https://sourceforge.net/projects/miniweb/files/miniweb/0.8
• https://www.exploit-db.com/exploits/49247
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.5 • EPSS: 6% • CPEs: 1 • EXPL: 2

Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.
• https://www.exploit-db.com/exploits/4923
• http://secunia.com/advisories/28512
• http://www.bugtraq.ir/adv/miniweb_english.pdf
• http://www.securityfocus.com/bid/27319
• http://www.vupen.com/english/advisories/2008/0176
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39718
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
• https://www.exploit-db.com/exploits/4923
• http://secunia.com/advisories/28512
• http://www.bugtraq.ir/adv/miniweb_english.pdf
• http://www.securityfocus.com/bid/27319
• http://www.vupen.com/english/advisories/2008/0176
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39713
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.0 • EPSS: 6% • CPEs: 2 • EXPL: 2

http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.
• https://www.exploit-db.com/exploits/4046
• http://osvdb.org/37185
• http://secunia.com/advisories/25528
• http://www.securityfocus.com/bid/24375
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34774