| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 10.0 | $0-$5k | 0.12 |
A vulnerability was found in Jasper httpdx 1.4/1.4.3 (Programming Tool Software). It has been classified as very critical. This affects the function h_handlepeer of the file http.cpp. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
The weakness was shared 10/08/2009 (Website). The advisory is shared at xforce.iss.net. This vulnerability is uniquely identified as CVE-2009-3711 since 10/16/2009. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 08/24/2021).
It is declared as highly functional.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 9954.
The vulnerability is also documented in the databases at X-Force (53700) and Vulnerability Center (SBV-31321).
Type
Vendor
Name
VulDB Meta Base Score: 10.0
VulDB Meta Temp Score: 10.0
VulDB Base Score: 10.0
VulDB Temp Score: 10.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Class: Memory corruption
CWE: CWE-119
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Highly functional
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
OpenVAS ID: 800962
OpenVAS Name: httpdx Web Server h_handlepeer() Buffer Overflow Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
MetaSploit ID: httpdx_handlepeer.rb
MetaSploit Name: HTTPDX h_handlepeer() Function Buffer Overflow
MetaSploit File: 🔍
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: no mitigation known
Status: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
10/08/2009 🔍
10/10/2009 🔍
10/16/2009 🔍
10/16/2009 🔍
10/16/2009 🔍
05/08/2011 🔍
03/18/2015 🔍
08/24/2021 🔍Advisory: xforce.iss.net
Status: Not defined
CVE: CVE-2009-3711 (🔍)
X-Force: 53700
Vulnerability Center: 31321 – httpdx Remote DoS or Arbitrary Code Execution Vulnerability via a Long HTTP GET Request, High
OSVDB: 58714 – httpdx http.cpp h_handlepeer() Function Overflow
Created: 03/18/2015 15:15
Updated: 08/24/2021 02:48
Changes: (2) source_cve_assigned vulnerability_cvss2_nvd_basescore
Complete: 🔍
Comments
Check our Alexa App!
