CVE-2023-4491
Easy Address Book Web Server Buffer overflow vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine.
Easy Address Book Web Server version 1.6 suffers from buffer overflow and cross-site scripting vulnerabilities.
SSVC
- Decision: Attend
Timeline
- 2023-08-23 CVE Reserved
- 2023-08-31 CVE Published
- 2024-09-05 CVE Updated
- 2024-10-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (1)
URL | Tag | Source |
---|---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Easy Address Book Web Server Project | Easy Address Book Web Server | 1.6 | - | Affected |