CVE-2013-1462 - Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP ser

CVE-2013-1462

Summary

Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.

References

https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

Vulnerable Configurations

cpe:2.3:a:miniupnp_project:miniupnpd:1.0:*:*:*:*:*:*:*
cpe:2.3:a:miniupnp_project:miniupnpd:1.0:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 08-10-2015 - 14:48)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

misc

https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

Last major update

08-10-2015 - 14:48

Published

31-01-2013 - 21:55

Last modified

08-10-2015 - 14:48