CVE-2012-10053
CRITICALSimple Web Server 2.2 rc2 - Buffer Overflow
Title source: llmDescription
Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf() without proper bounds checking, leading to a buffer overflow on the stack. This flaw allows remote attackers to execute arbitrary code with the privileges of the web server process. The vulnerability is triggered before authentication.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/20028
exploitdb
WORKING POC
VERIFIED
by mr.pr0n · perlremotewindows
https://www.exploit-db.com/exploits/19937
metasploit
WORKING POC
NORMAL
by mr.pr0n, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sws_connection_bof.rb
metasploit
WORKING POC
GREAT
by Rick2600, dookie · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/somplplayer_m3u.rb
References (6)
Scores
CVSS v4
9.3
EPSS
0.6432
EPSS Percentile
98.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Details
CWE
CWE-121
Status
published
Products (1)
PMSoftware/Simple Web Server
2.2 rc2
Published
Aug 08, 2025
Tracked Since
Feb 18, 2026