CVE-2005-4270
Watchfire AppScan QA 5.0.609 and 5.0.134 - Remote Code Execution via Long Realm Field in WWW-Authenticate Header
Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-4270. PoCs published by Mariano Nuñez.
AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Watchfire AppScan QA by serving a malicious 401 response with embedded shellcode. The PoC sets up a fake web server that triggers the exploit when a request for the 'admin' resource is detected.
Description
Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field.