Essentia Web Server Long URL Buffer Overflow Vulnerability

Essentia Web Server is a multi-threaded HTTP server designed for Microsoft Windows and Linux environments. Essentia is maintained by Essen.

Essentia is prone to a remote denial-of-service condition, which may be triggered by submitting an excessively long URL (2000+ bytes). Successful exploitation denies service to legitimate users, and the web server must be restarted to regain normal functionality.

This problem is due to a lack of bounds-checking on the length of URLs. Because of this, an attacker may also be able to exploit this condition to execute arbitrary code.

This issue was reported for Essentia Web Server v2.1; earlier versions may also be affected.
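The missing bounds check, sketched as an added example (this is not Essentia's code, which the advisory does not show): a request-line parser that measures the URL before copying it and answers 414 when it exceeds a limit. The 1024-byte `MAX_URL_LEN` and the function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_URL_LEN 1024   /* assumed server limit, not a value from the advisory */

/* An unchecked copy of the kind the advisory describes would look like
 *     char url[256]; strcpy(url, target);      (illustrative only)
 * This version checks the URL length against the limit and the buffer first.
 * Returns an HTTP status: 200 ok, 400 malformed, 414 URL too long. */
int parse_request_line(const char *line, size_t line_len,
                       char *url_out, size_t url_cap)
{
    const char *end = line + line_len;
    const char *sp1 = memchr(line, ' ', line_len);        /* end of method */
    if (sp1 == NULL || sp1 == line)
        return 400;
    const char *target = sp1 + 1;
    const char *sp2 = memchr(target, ' ', (size_t)(end - target));
    if (sp2 == NULL || sp2 == target)                      /* missing or empty URL */
        return 400;
    size_t url_len = (size_t)(sp2 - target);
    if (url_len > MAX_URL_LEN || url_len >= url_cap)       /* reject, never truncate */
        return 414;
    memcpy(url_out, target, url_len);
    url_out[url_len] = '\0';
    return 200;
}

/* Builds a constructed request whose URL is '/' plus n-1 'A' bytes and
 * returns the status parse_request_line() gives it (-1 if n is unusable). */
int status_for_url_len(size_t n)
{
    static char req[8192];
    char url[MAX_URL_LEN + 1];
    if (n == 0 || n > sizeof req - 16)
        return -1;
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', n - 1);
    memcpy(req + 4 + n, " HTTP/1.0", 9);
    return parse_request_line(req, 4 + n + 9, url, sizeof url);
}

int main(void)
{
    printf("11-byte URL:   %d\n", status_for_url_len(11));
    printf("2000-byte URL: %d\n", status_for_url_len(2000));
    return 0;
}
```

Rejecting the request outright, rather than truncating the URL, keeps the server from acting on a path the client did not send.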


 

Copyright 2010, SecurityFocus