Описание
The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header.
Уязвимые конфигурации
Конфигурация 1Версия до 1.1n (включая)
Одно из
cpe:2.3:a:netwin:smsgate:*:*:*:*:*:*:*:*
cpe:2.3:a:netwin:smsgate:1.0a:*:*:*:*:*:*:*
cpe:2.3:a:netwin:smsgate:1.0c:*:*:*:*:*:*:*
cpe:2.3:a:netwin:smsgate:1.0h:*:*:*:*:*:*:*
cpe:2.3:a:netwin:smsgate:1.0r:*:*:*:*:*:*:*
cpe:2.3:a:netwin:smsgate:1.0w:*:*:*:*:*:*:*
cpe:2.3:a:netwin:smsgate:1.1m:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00501
Низкий
5 Medium
CVSS2
Дефекты
CWE-399
Связанные уязвимости
github
больше 3 лет назад
The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header.
EPSS
Процентиль: 65%
0.00501
Низкий
5 Medium
CVSS2
Дефекты
CWE-399