Null httpd Vulnerabilities
Created 9/27/02
CAN 2002-1496
Impact
A remote attacker could execute arbitrary commands.
Background
Null httpd is a small, simple, and multithreaded web server for Linux and
Windows.
The Problems
Due to improper handling of negative Content-length headers in HTTP
requests, a remote attacker could cause a heap overflow and
execute arbitrary commands on the server. Null httpd 0.5.0
and possibly earlier versions are affected.
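The following is an added example, not Null httpd's code or its 0.5.1 fix. It shows the kind of strict Content-Length validation that prevents a negative value from ever reaching a buffer-size calculation. The names `MAX_BODY_BYTES`, `parse_content_length` and `alloc_body_buffer` are hypothetical, and the 1 MiB cap is an assumed policy limit.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>

/* Assumed policy limit for a request body; not taken from the advisory. */
#define MAX_BODY_BYTES ((size_t)1024 * 1024)

/*
 * Strictly parse a Content-Length header value.
 * A signed parse such as atoi("-800") returns a negative number; any buffer
 * size derived from it ends up smaller than the data later read into it.
 * Here only ASCII digits are accepted, so a sign is rejected outright.
 * Returns 0 and stores the length in *out on success, -1 on rejection.
 */
int parse_content_length(const char *value, size_t *out)
{
    const char *p = value;
    size_t n = 0;

    while (*p == ' ' || *p == '\t') p++;            /* optional leading whitespace */
    if (!isdigit((unsigned char)*p)) return -1;     /* rejects "-800", "+5", ""    */

    for (; isdigit((unsigned char)*p); p++) {
        size_t d = (size_t)(*p - '0');
        /* Reject before n * 10 + d can pass the cap (also prevents wraparound). */
        if (n > (MAX_BODY_BYTES - d) / 10) return -1;
        n = n * 10 + d;
    }

    while (*p == ' ' || *p == '\t') p++;            /* optional trailing whitespace */
    if (*p != '\0') return -1;                      /* trailing junk such as "12abc" */

    *out = n;
    return 0;
}

/*
 * Allocate the body buffer only from a validated, unsigned length.
 * Returns NULL when the header is rejected (caller should answer 400)
 * or when allocation fails; the caller must read at most *len_out bytes.
 */
char *alloc_body_buffer(const char *value, size_t *len_out)
{
    size_t len;
    if (parse_content_length(value, &len) != 0) return NULL;
    char *buf = calloc(len + 1, 1);                 /* +1 for a terminating NUL */
    if (buf != NULL) *len_out = len;
    return buf;
}
```

The read loop that fills the buffer must be bounded by the same validated length rather than by however many bytes the client sends.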
Resolution
Upgrade to Null httpd version 0.5.1 or higher.
Where can I read more about this?
This vulnerability was reported in a Netric advisory.