CVE-2011-5009 - Unspecified vulnerability in 3Ssoftware Codesys 3.4
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- EDB-ID:36378
  - title: CoDeSys 3.4 NULL Pointer Invalid HTTP Request Parsing Remote DoS
  - description: NULL Pointer Invalid HTTP Request Parsing Remote DoS. CVE-2011-5009. Dos exploits for multiple platform
  - reporter: Luigi Auriemma
  - published: 2011-11-30
  - modified: 2011-11-30
  - last seen: 2016-02-04
  - source: https://www.exploit-db.com/download/36378/
- EDB-ID:36377
  - title: CoDeSys 3.4 HTTP POST Request NULL Pointer Content-Length Parsing Remote DoS
  - description: CoDeSys 3.4 HTTP POST Request NULL Pointer Content-Length Parsing Remote DoS. CVE-2011-5009. Dos exploits for multiple platform
  - reporter: Luigi Auriemma
  - published: 2011-11-30
  - modified: 2011-11-30
  - last seen: 2016-02-04
  - source: https://www.exploit-db.com/download/36377/
References
- http://aluigi.altervista.org/adv/codesys_1-adv.txt
- http://seclists.org/bugtraq/2011/Nov/178
- http://secunia.com/advisories/47018
- http://www.osvdb.org/77388
- http://www.osvdb.org/77389
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71533