CVE-2011-4881
published 2012-04-13CVE-2011-4881: The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause…
PriorityP431medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
7.62%
93.8th percentile
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted HTTP request.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atvise | webmi2ads | <= 2.0.1 | — |
| atvise | webmi2ads | — | — |
| atvise | webmi2ads | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect NULL pointer dereference DoS trigger: monitor for HTTP requests with an 'Authorization: Basic' header sent to the webMI2ADS web server on port 80/TCP that result in a crash or service termination. ↗
- →Detect resource exhaustion attack: monitor for HTTP POST requests containing a negative Content-Length header value (e.g., Content-Length: -30) targeting port 80/TCP, which causes an endless loop with memory consumption and CPU at 100%. ↗
- →Detect remote shutdown attempt: alert on any HTTP GET request to the /shutdown path on the webMI2ADS web server, which terminates the software without authentication. ↗
- ·The /shutdown endpoint requires no authentication, meaning any unauthenticated remote attacker can terminate the webMI2ADS service. This is a configuration/design flaw in versions prior to 2.0.2. ↗
- ·All versions of Certec webMI2ADS prior to 2.0.2 are affected; the fix is to upgrade to version 2.0.2. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Certec atvise webMI2ADS Vulnerabilities
cisa_ics·2018-08-23
Certec atvise webMI2ADS Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Certec atvise webMI2ADS Vulnerabilities
Last RevisedAugust 23, 2018
Alert CodeICSA-12-102-01
## Overview
This advisory is a follow-up to the ICS-CERT alert titled ICS-ALERT-11-283-02 – Certec atvise webMI Vulnerabilities, released to the ICS-CERT web page on October 10, 2011.
Independent researcher Luigi Auriemma has identified vulnerabilities in Certec’s webMI2ADS application. These vulnerabilities and proof of concept code were disclosed without coordination with ICS-CERT, the vendor, or any other coordinating entity. Certec has produced an update that resolves these vulnerab
GHSA
GHSA-fhp7-8ch6-gj93: The web server in Certec atvise webMI2ADS (aka webMI) before 2
ghsa_unreviewed·2022-05-17
CVE-2011-4881 [MEDIUM] GHSA-fhp7-8ch6-gj93: The web server in Certec atvise webMI2ADS (aka webMI) before 2
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted HTTP request.
No detection rules found.
No writeups or analysis indexed.
2012-04-13
Published