VULHUB ™

It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script code in a user's browser. The issue was previously reported and fixed (BID 5603), however an attacker may send a long HTTP request to the software, which may overwrite memory containing the fix for cross-site scripting issue. As a result, an attacker may bypass the check for cross-site scripting and construct a link containing malicious HTML and script code to be rendered in a user's browser upon visiting that link. Successful exploitation of this issue may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible. Null HTTPd version 0.5.1 and prior are reported to be prone to this issue.

It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script code in a user's browser. The issue was previously reported and fixed (BID 5603), however an attacker may send a long HTTP request to the software, which may overwrite memory containing the fix for cross-site scripting issue. As a result, an attacker may bypass the check for cross-site scripting and construct a link containing malicious HTML and script code to be rendered in a user's browser upon visiting that link. Successful exploitation of this issue may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible. Null HTTPd version 0.5.1 and prior are reported to be prone to this issue.