OmniHTTPd HTTP version buffer overflow
|omnihttpd-http-version-bo (9457)||Low Risk|
OmniHTTPd is vulnerable to a denial of service attack, caused by a buffer overflow in the handling of long HTTP versions. By sending a malformed request containing an overly long HTTP version, a remote attacker could overflow a buffer and cause the HTTP daemon to crash. It is unknown whether this vulnerability could be used to execute arbitrary code on the system.
No remedy available as of September 1, 2014.
- BugTraq Mailing List, Mon Jul 01 2002 - 13:27:18 CDT: BufferOverflow in OmniHTTPd 2.09.
- Omnicron Technologies Web Site: OmniHTTPd.
- BID-5136: OmniHTTPD Long Request Buffer Overflow Vulnerability
- CVE-2002-1035: Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1version number.
- OSVDB ID: 5000: OmniHTTPd HTTP Version Overflow DoS
- Omnicron Technologies OmniHTTPd 2.09
Jul 01, 2002