IBM HTTP Server Remote Overflow Vulnerability _jsp programming
Source: Internet
Author: User
Involving procedures:
Get
Describe:
IBM HTTP Server Remote overflow by committing an extra long GET request
With:
IBM's HTTP server is a Web server. A denial of service vulnerability exists in the version used by Windows NT.
Submitting a GET request that is more than 219 characters will cause the server to stop responding with an error. Restarting the application is required to restore the service to work properly. Successful exploitation of this vulnerability could allow an attacker to execute any code on the victim host. (But this has not been fully substantiated.) )
The following code is only used to test and investigate this vulnerability if you use it in an improper way to the consequences at your own risk
$ telnet Target 80
Get/... (216 ".") AAA http/1.0
The system will report the following error message:
STOP:0X0000001E (0x00000005,0x804b3a51,0x00000000,0x00000000) Kmode_excepti
On_not_handled.
Address 804b3a51 base at 80400000,datastamp 384d9b17-ntoskrnl.exe
Note: The target host is running under Windows 2000.
Affected systems
IBM HTTP Server 1.3.6.3
-Turbolinux Turbo Linux 3.0.1
-Sun Solaris 2.6
-S.U.S.E. Linux 6.1
-S.U.S.E. Linux 6.0
-RedHat Linux 6.0 SPARC
-RedHat Linux 5.2 SPARC
-Microsoft Windows NT 4.0
-IBM AIX 4.2.1
-Caldera OpenLinux 2.2
Solution:
IBM has resolved this issue in version 1.3.12, download the address:
Http://www-4.ibm.com/software/webservers/httpservers/download.html
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.