Executive Summary

Information
Name: CVE-2011-2900
Vendor: Cve
First vendor publication: 2011-08-05
Last vendor modification: 2017-08-29

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Cvss Impact Score: 6.4
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2900

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 1
Application 1

ExploitDB Exploits

id Description
2011-08-15 Simple HTTPd 1.42 PUT Request Remote Buffer Overflow Vulnerability

OpenVAS Exploits

Date Description
2012-04-02 Name : Fedora Update for mongoose FEDORA-2011-11636
File : nvt/gb_fedora_2011_11636_mongoose_fc16.nasl
2011-09-12 Name : Fedora Update for mongoose FEDORA-2011-11823
File : nvt/gb_fedora_2011_11823_mongoose_fc15.nasl
2011-09-12 Name : Fedora Update for mongoose FEDORA-2011-11825
File : nvt/gb_fedora_2011_11825_mongoose_fc14.nasl
2011-09-07 Name : Mongoose Web Server Remote Buffer Overflow Vulnerability
File : nvt/gb_mongoose_server_put_req_bof_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74309 Mongoose mongoose.c put_dir() Function HTTP PUT Web Request Parsing Overflow

Nessus® Vulnerability Scanner

Date Description
2011-09-09 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11823.nasl - Type : ACT_GATHER_INFO
2011-09-09 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11825.nasl - Type : ACT_GATHER_INFO
2011-09-07 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11636.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/48980
CONFIRM https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddb...
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2011-September/0652...
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/0655...
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/0655...
MLIST http://www.openwall.com/lists/oss-security/2011/08/03/5
http://www.openwall.com/lists/oss-security/2011/08/03/9
SECUNIA http://secunia.com/advisories/45464
http://secunia.com/advisories/45902
SREASON http://securityreason.com/securityalert/8337
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/68991

Alert History

Date Information
2021-05-04 12:14:51
  • Multiple Updates
2021-04-22 01:16:11
  • Multiple Updates
2020-05-23 00:29:51
  • Multiple Updates
2017-08-29 09:23:26
  • Multiple Updates
2016-04-26 20:56:20
  • Multiple Updates
2014-02-17 11:04:05
  • Multiple Updates
2013-05-10 23:04:37
  • Multiple Updates