Strike ID: E09-63a01
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive: t
Variants: 1
Year: 2009

Description

This strike exploits a stack buffer overflow vulnerability in Rhino Ser-Us Web Server. The Session parameter of the Cookie header is not properly validated. When the value is read in, it is first converted to Unicode; two bytes of the Session string are then converted into a long int, and the resulting value is written to a fixed-size stack buffer.
