Lucene search

PRIOn knowledge basePRION:CVE-2011-2900

HistoryAug 05, 2011 - 9:55 p.m.

Stack overflow

2011-08-0521:55:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

Low

0.47 Medium

EPSS

Percentile

97.5%

JSON

Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.

CPENameOperatorVersion
shttpdeq1.42
mongooseeq3.0
yasslewseq0.2

Name	Operator	Version
shttpd	eq	1.42
mongoose	eq	3.0
yasslews	eq	0.2

References

secunia.com/advisories/45464

secunia.com/advisories/45902

securityreason.com/securityalert/8337

www.openwall.com/lists/oss-security/2011/08/03/5

www.openwall.com/lists/oss-security/2011/08/03/9

www.securityfocus.com/bid/48980

code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0

exchange.xforce.ibmcloud.com/vulnerabilities/68991

lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html