漏洞类别:Web server漏洞等级: 
漏洞信息
John Roy Pi3Web is a standard Web server, which includes CGI and ISAPI support. Pi3Web uses multi-threading to handle system requests. Due to a buffer overflow vulnerability in John Roy Pi3Web Web server, it's possible for a malicious user to cause the server to stop responding and possibly execute code.
The ISAPI application within the server fails to properly handle user-supplied input. Requesting a specially crafted URL composed of numerous arbitrary characters will cause the buffer to overflow and possibly allow the execution of arbitrary code. Pi3Web Web server has also been known to disclose the physical path to the Web root if an invalid request is made.
漏洞危害
Successful exploitation of this vulnerability could lead to complete compromise of the target host.
解决方案
This issue has been addressed in John Roy Pi3Web 1.0.3, which is available for download from the Pi3Web Web site.
0day
文章评论