O'Reilly WebSite GET Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

O'Reilly WebSite GET Buffer Overflow Vulnerability

There is a buffer overflow in O'Reilly WebSite Web Server versions prior to (not including) 2.5. This can exploited by submitting a long GET request or "Referrer" client header. It is possible to overwrite the return address and thereby execute code.