T. Hauck » Jana Web Server : Security Vulnerabilities, CVEs, (Code Execution)
Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack.
Max CVSS
7.5
EPSS Score
3.72%
Published
2002-10-04
Updated
2008-09-05
Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries.
Max CVSS
7.5
EPSS Score
1.93%
Published
2002-10-04
Updated
2008-09-05
Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response.
Max CVSS
7.5
EPSS Score
5.06%
Published
2002-10-04
Updated
2008-09-05
3 vulnerabilities found