Vulnerability Details : CVE-2006-5216
Public exploit exists!
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
Vulnerability category: OverflowExecute code
Products affected by CVE-2006-5216
- cpe:2.3:a:sergey_lyubka:simple_httpd:1.34:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5216
95.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2006-5216
-
SHTTPD URI-Encoded POST Request Overflow
Disclosure Date: 2006-10-06First seen: 2020-04-26exploit/windows/http/shttpd_postThis module exploits a stack buffer overflow in SHTTPD <= 1.34. The vulnerability is caused due to a boundary error within the handling of POST requests. Based on an original exploit by skOd but using a different method found by hdm. Authors: - LMH <lmh@in
CVSS scores for CVE-2006-5216
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-5216
-
http://www.vupen.com/english/advisories/2006/3939
-
http://www.securityfocus.com/bid/20393
SHTTPD Remote Buffer Overflow Vulnerability
-
http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txt
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/29368
-
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050146.html
-
http://securitytracker.com/id?1017088
-
https://www.exploit-db.com/exploits/2482
Jump to