Stack-Based Buffer Overflow in Simple Web Server 2.2 rc2
CVE-2012-10053

9.3CRITICAL

Key Information:

Vendor

Pmsoftware

Status
Simple Web Server
Vendor
CVE Published:
8 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2012-10053?

Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability resulting from improper handling of the Connection HTTP header. When a remote attacker sends a maliciously crafted long string in this header, the server processes it using vsprintf() without adequate bounds checking, which leads to a buffer overflow condition. This vulnerability allows attackers to execute arbitrary code on the server with the same privileges as the web server process, potentially compromising sensitive data and unauthorized access to the system. Importantly, this vulnerability can be exploited without requiring any form of authentication.

Affected Version(s)

Simple Web Server 2.2 rc2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2012-10053 - Proof of Concept

CVE-2012-10053 - Proof of Concept

CVE-2012-10053 - Proof of Concept

References

https://raw.githubusercontent.com/rapid7/metasploit-frame...
exploit
https://www.exploit-db.com/exploits/19937
exploit
https://www.exploit-db.com/exploits/20028
exploit

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

mr.pr0n
.
CVE-2012-10053 : Stack-Based Buffer Overflow in Simple Web Server 2.2 rc2