CVE-2003-1262

Current Description

Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request with a long (1) host, (2) referer, or (3) userAgent value.

Basic Data

Published: December 31, 2003
Last Modified: October 18, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.4
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Http Fetcher | Http Fetcher Library | 1.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Http Fetcher | Http Fetcher Library | 1.0.1 | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Http Fetcher | Http Fetcher Library | 1.0.0, 1.0.1

References

Name | Source | URL | Tags
20030107 GLSA: http-fetcher | BUGTRAQ | http://marc.info/?l=bugtraq&m=104195613529429&w=2 |
7823 | SECUNIA | http://secunia.com/advisories/7823 |
http-fetcher-httpfetch-bo(11000) | XF | http://www.iss.net/security_center/static/11000.php |
GLSA-200301-6 | GENTOO | http://www.linuxsecurity.com/content/view/104480/104/ |
20030106 [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library. | BUGTRAQ | http://www.securityfocus.com/archive/1/305340 | Exploit, Patch
6531 | BID | http://www.securityfocus.com/bid/6531 | Patch