Back to CVE Browser

CVE-2002-2295

HIGH

7.5

CVSS Severity Score

EPSS Score0.0810%

EPSS Percentile35.38th

PublishedDec 31, 2002

Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an HTTP request, (3) a long version number in an HTTP request, (4) a long User-Agent header, or (5) a long file path.

Affected Platforms (CPE)

📦

Pico Server

Pico Server

= 2.0_beta_1

📦

Pico Server

Pico Server

= 2.0_beta_2

📦

Pico Server

Pico Server

= 2.0_beta_3

📦

Pico Server

Pico Server

= 2.0_beta_5

References & Advisories

🔗 http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0457.html

🔗 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-12/0005.html

🔗 http://www.securiteam.com/securitynews/6Q0020A6AS.html

🔗 http://www.securityfocus.com/bid/6283

🔗 http://www.securityfocus.com/bid/6284

🔗 http://www.securityfocus.com/bid/6285

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/10734

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/10783

Related Vulnerabilities

CVE-2005-136510.0

Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (sla...

CVE-2005-13667.5

Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in ...

CVE-2005-13677.5

Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside o...

CVE-2005-16267.5

Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code.