Kolibri WebServer HTTP GET Request Handling Buffer Overflow
Added: 08/07/2014
CVE: CVE-2014-4158
BID: 68195
OSVDB: 108090
Background
SENKAS Kolibri Webserver is a free, very simple web server for Microsoft Windows that supports serving static web content.
Problem
Kolibri Webserver is vulnerable to a stack buffer overflow because it fails to properly validate user-supplied input when handling HTTP GET requests. A remote attacker who supplies an overly long URI in a GET request could potentially execute arbitrary code in the context of the Kolibri server.
Resolution
Deploy an alternate web server product or apply a patch when and if it becomes available.
References
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-4158.html
Limitations
Exploit works against Kolibri Webserver 2.0 running on English versions of Windows XP SP2, Windows 2003 SP2 and Windows 7 SP1.
Platforms
Windows XP / Windows Server 2003
Windows 7
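The length validation that the Problem section says is missing, sketched as an added example (this is not Kolibri's code, which is not shown on this page): a C request-line parser that checks the URI length before copying it into a fixed-size buffer and rejects overlong requests. The names parse_request_line and MAX_URI, and the 256-byte limit, are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_URI 256  /* assumed limit for illustration; not from the advisory */

enum parse_status { PARSE_OK = 200, PARSE_BAD_REQUEST = 400, PARSE_URI_TOO_LONG = 414 };

/*
 * Parse "GET <uri> HTTP/1.x" from a request line of known length.
 * The URI is copied into out only after its length has been checked
 * against out_size, so an overly long URI is rejected instead of being
 * written past the end of a fixed-size stack buffer.
 */
enum parse_status parse_request_line(const char *line, size_t line_len,
                                     char *out, size_t out_size)
{
    static const char method[] = "GET ";
    const size_t mlen = sizeof(method) - 1;

    if (out_size == 0 || line_len <= mlen || memcmp(line, method, mlen) != 0)
        return PARSE_BAD_REQUEST;

    const char *uri = line + mlen;
    /* The URI ends at the space that precedes the HTTP version. */
    const char *end = memchr(uri, ' ', line_len - mlen);
    if (end == NULL || end == uri)
        return PARSE_BAD_REQUEST;

    size_t uri_len = (size_t)(end - uri);
    if (uri_len >= out_size)          /* keep room for the terminating NUL */
        return PARSE_URI_TOO_LONG;

    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char uri[MAX_URI];
    const char ok[] = "GET /index.html HTTP/1.1";   /* constructed sample */
    char big[2048];                                 /* constructed overlong request */
    memcpy(big, "GET /", 5);
    memset(big + 5, 'A', 1000);
    memcpy(big + 1005, " HTTP/1.1", 9);

    printf("%d\n", parse_request_line(ok, strlen(ok), uri, sizeof uri));
    printf("%d\n", parse_request_line(big, 1014, uri, sizeof uri));
    return 0;
}
```

The same check belongs wherever a server copies request data into a fixed-size buffer; returning a 414 status lets the caller answer with "URI Too Long" and close the connection.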