Описание
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- MitigationPatchVendor Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- MitigationPatchVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
8.8 High
CVSS3
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.
Уязвимость HTTP-сервера IDAL инструмента проектирования пользовательского интерфейса PB610 Panel Builder 600 (SAP500900R0101), позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3
5.8 Medium
CVSS2