CVE-2013-1462

2013-01-31 22:55:01 2015-10-08 16:48:45

Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

IBM Informix Web DataBlade

Miniupnp project - Miniupnpd

Advisory	Patch	Confirmed	Link
			https://community.rapid7.com/community/infosec/blog/2013...
			https://community.rapid7.com/servlet/JiveServlet/downloa...
			https://community.rapid7.com/servlet/servlet.FileDownloa...

Numeric Errors (ID 189)

Related CVE(s) 1 CVE-2013-0230 CVSS 10