Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5009

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-5009
Last Modified 16 Feb 2012 11:10:49
Published 24 Dec 2011 08:55:04
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5009

Summary

The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.

Vulnerable Systems

Application

  • 3ssoftware Codesys 3.4


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf

OSVDB - 77389

OSVDB - 77388

SECUNIA - 47018

BUGTRAQ - 20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2

MISC - http://aluigi.altervista.org/adv/codesys_1-adv.txt

XF - codesys-cmpwebserver-dos(71533)


Last Updated: 27 May 2016 10:57:17