{"vuid":"VU#206382","idnumber":"206382","name":"Monit fails to properly handle overly long HTTP requests","keywords":["TildeSlash","Monit","buffer overflow","long string of characters","HTTP request"],"overview":"Monit is vulnerable to a buffer overflow when processing overly long HTTP requests.","clean_desc":"Monit is a utility to monitor system processes, files, directories, devices, and remote hosts. It provides a web-based interface that can be used to access the Monit server. There is a buffer overflow vulnerability in the way Monit handles HTTP requests. By supplying an overly long HTTP request, an unauthenticated, remote attacker could execute arbitrary code with privileges of the vulnerable process.","impact":"A remote, unauthenticated attacker could execute arbitrary code on the vulnerable system with privileges of the vulnerable process.","resolution":"Upgrade\nUpgrade to Monit version 4.1.1 or later.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Evgeny Legerov of S-Quadra.","author":"This document was written by Damon Morda.","public":["http://www.tildeslash.com/monit/","http://www.tildeslash.com/monit/changes.html","http://www.s-quadra.com/advisories/Adv-20031124.txt","http://www.securityfocus.com/bid/9099","http://forums.gentoo.org/viewtopic.php?t=155764"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-03-31T16:14:35Z","publicdate":"2004-03-31T00:00:00Z","datefirstpublished":"2004-04-06T14:09:52Z","dateupdated":"2004-04-06T14:12:00Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"5","cam_impact":"17","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"4.78125","cam_scorecurrentwidelyknown":"5.9765625","cam_scorecurrentwidelyknownexploited":"10.7578125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.78125,"vulnote":null}