Vulnerability Details : CVE-2013-5019
Public exploit exists!
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
Vulnerability category: OverflowExecute code
Products affected by CVE-2013-5019
- cpe:2.3:a:vector:ultra_mini_httpd:1.21:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5019
91.89%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-5019
-
Ultra Mini HTTPD Stack Buffer Overflow
Disclosure Date: 2013-07-10First seen: 2020-04-26exploit/windows/http/ultraminihttp_bofThis module exploits a stack based buffer overflow in Ultra Mini HTTPD 1.21, allowing remote attackers to execute arbitrary code via a long resource name in an HTTP request. This exploit has to deal with the fact that the application's request handler thread is ter
CVSS scores for CVE-2013-5019
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2013-5019
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5019
-
http://www.exploit-db.com/exploits/26739
Ultra Mini HTTPd 1.21 - Remote Stack Buffer Overflow - Windows remote Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/85599
Ultra Mini HTTPD resource name buffer overflow CVE-2013-5019 Vulnerability Report
-
http://www.exploit-db.com/exploits/31736
Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (1) - Windows remote ExploitExploit
-
http://www.exploit-db.com/exploits/31814
Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (2) - Windows remote ExploitExploit
-
http://www.securityfocus.com/bid/61130
Ultra Mini HTTPD 'GET' Request Stack-Based Buffer Overflow Vulnerability
-
https://www.exploit-db.com/exploits/44472/
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC - Windows_x86 local Exploit
Jump to