CVE-2009-3711

Jasper Httpdx - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16799

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Pankaj Kohli · textremotewindows

https://www.exploit-db.com/exploits/10053

View Code ZIP pw:eip

metasploit WORKING POC GREAT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/httpdx_handlepeer.rb

View Code ZIP pw:eip

References (8)

[Exploit] http://marc.info/?l=bugtraq&m=125544914512291&w=2

[Vendor Advisory] http://secunia.com/advisories/36991

[Exploit, URL Repurposed] http://www.pank4j.com/exploits/httpdxb0f.php

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/2874

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53700

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/507042/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/507073/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/58714

Scores

EPSS 0.7894

EPSS Percentile 99.1%

Details

CWE

CWE-119

Status published

Products (2)

jasper/httpdx 1.4

jasper/httpdx 1.4.3

Published Oct 16, 2009

Tracked Since Feb 18, 2026