O’Reilly WebSite ‘webfind.exe’缓冲区溢出漏洞

漏洞信息详情

O’Reilly WebSite ‘webfind.exe’缓冲区溢出漏洞

• CNNVD编号：CNNVD-200007-049
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2000-0622
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2000-07-19
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-22
  
• 厂        商：
  
  oreilly
• 漏洞来源：
  This vulnerability…

O\’\’Reilly WebSite Professional web server 2.x版本中的Webfind CGI程序存在缓冲区溢出漏洞。远程攻击者借助包含超长\”keywords\”参数的URL执行任意命令。

Upgrade to at least version 2.5 of the software.
OReilly Software WebSite Professional 2.3.18

• O’Reilly & Associates WebSite 2.5
  
  http://website.oreilly.com/support/software/wsp2x_updates.cfm

OReilly Software WebSite Professional 2.4

• O’Reilly & Associates WebSite 2.5
  
  http://website.oreilly.com/support/software/wsp2x_updates.cfm

OReilly Software WebSite Professional 2.4.9

• O’Reilly & Associates WebSite 2.5
  
  http://website.oreilly.com/support/software/wsp2x_updates.cfm

来源: website.oreilly.com
链接:http://website.oreilly.com/support/software/wspro25_releasenotes.txt

来源: XF
名称: website-webfind-bo(4962)
链接:http://xforce.iss.net/static/4962.php

来源: BID
名称: 1487
链接:http://www.securityfocus.com/bid/1487

来源: NAI
名称: 20000719 O’Reilly WebSite Professional Overflow
链接:http://www.nai.com/research/covert/advisories/043.asp