QwikSec

Security Database

CVE

CWE

Training

CVE-2012-10053

Published: Aug 8, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf() without proper bounds checking, leading to a buffer overflow on the stack. This flaw allows remote attackers to execute arbitrary code with the privileges of the web server process. The vulnerability is triggered before authentication.

Vendor	Product	Versions
PMSoftware	Simple Web Server	affected `2.2 rc2`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/sws_connection_bof.rb

exploit

https://www.exploit-db.com/exploits/19937

exploit

https://www.exploit-db.com/exploits/20028

exploit

http://ghostinthelab.wordpress.com/2012/07/19/simplewebserver-2-2-rc2-remote-buffer-overflow-exploit/

technical-description

exploit

http://www.pmx.it/software/sws.asp

product

https://www.vulncheck.com/advisories/simple-web-server-connection-header-buffer-overflow

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.