CVE-2019-19943

HIGH

Pablo Quick 'n Easy Web Server < 3.3.8 - Unauthenticated Heap Memory Corruption via Host/Domain Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-19943. PoCs published by Cody Winkler.

AI-analyzed exploit summary This exploit triggers a heap memory corruption in Quick N' Easy Web Server <= 3.3.8 by sending a malformed HTTP request with an oversized 'Host' header, leading to a denial-of-service condition. The PoC demonstrates a remote unauthenticated attack that causes a double-free in OLEAUT32!VariantClear().

Description

The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free.

Exploits (1)

exploitdb WORKING POC
by Cody Winkler · pythondoswindows
https://www.exploit-db.com/exploits/48111

This exploit triggers a heap memory corruption in Quick N' Easy Web Server <= 3.3.8 by sending a malformed HTTP request with an oversized 'Host' header, leading to a denial-of-service condition. The PoC demonstrates a remote unauthenticated attack that causes a double-free in OLEAUT32!VariantClear().

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Quick N' Easy Web Server <= 3.3.8
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/48111

Scores

CVSS v3 7.5
EPSS 0.0426
EPSS Percentile 89.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-415 CWE-787
Status published
Products (1)
pablosoftwaresolutions/quick_\'n_easy_web_server < 3.3.8
Published Feb 28, 2020
Tracked Since Feb 18, 2026