// For flags

CVE-2011-2900

Simple HTTPd 1.42 - Denial of Servive

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.

Desbordamiento de buffer de pila en (1) la función put_dir de mongoose.c de Mongoose 3.0, (2) la función put_dir de yasslEWS.c de yaSSL Embedded Web Server (yasslEWS) 0.2 y (3) la función _shttpd_put_dir de io_dir.c de Simple HTTPD (shttpd) 1.42. Permite a atacantes remotos ejecutar código arbitrario a través de una petición HTTP PUT, como se ha demostrado en ataques en el 2011.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-07-27 CVE Reserved
  • 2011-08-05 CVE Published
  • 2011-08-12 First Exploit
  • 2024-03-25 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Shttpd
Search vendor "Shttpd"
Shttpd
Search vendor "Shttpd" for product "Shttpd"
1.42
Search vendor "Shttpd" for product "Shttpd" and version "1.42"
-
Affected
Valenok
Search vendor "Valenok"
Mongoose
Search vendor "Valenok" for product "Mongoose"
3.0
Search vendor "Valenok" for product "Mongoose" and version "3.0"
-
Affected
Yassl
Search vendor "Yassl"
Yasslews
Search vendor "Yassl" for product "Yasslews"
0.2
Search vendor "Yassl" for product "Yasslews" and version "0.2"
-
Affected