cbcvebase.
CVE-2011-4881
published 2012-04-13

CVE-2011-4881: The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause…

PriorityP431medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
7.62%
93.8th percentile
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted HTTP request.

Affected

3 ranges
VendorProductVersion rangeFixed in
atvisewebmi2ads<= 2.0.1
atvisewebmi2ads
atvisewebmi2ads

Detection & IOCsextracted from sources · hover to see the quote

port80/TCP
urlhttp://SERVER/shutdown
commandudpsz -c "GET / HTTP/1.0\r\nAuthorization: Basic blah\r\n\r\n" -T -D SERVER 80 -1
commandudpsz -c "POST / HTTP/1.0\r\nContent-Length: -30\r\n\r\n" -T -D SERVER 80 -1
  • Detect NULL pointer dereference DoS trigger: monitor for HTTP requests with an 'Authorization: Basic' header sent to the webMI2ADS web server on port 80/TCP that result in a crash or service termination.
  • Detect resource exhaustion attack: monitor for HTTP POST requests containing a negative Content-Length header value (e.g., Content-Length: -30) targeting port 80/TCP, which causes an endless loop with memory consumption and CPU at 100%.
  • Detect remote shutdown attempt: alert on any HTTP GET request to the /shutdown path on the webMI2ADS web server, which terminates the software without authentication.
  • ·The /shutdown endpoint requires no authentication, meaning any unauthenticated remote attacker can terminate the webMI2ADS service. This is a configuration/design flaw in versions prior to 2.0.2.
  • ·All versions of Certec webMI2ADS prior to 2.0.2 are affected; the fix is to upgrade to version 2.0.2.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.