Vulnerability Description
The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miniupnp Project | Miniupnpd | 1.0 |
References
- https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in
- https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityF
- https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
- https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in
- https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityF
- https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
FAQ
What is CVE-2013-1461?
CVE-2013-1461 is a vulnerability with a CVSS score of 7.8 (HIGH). The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash)...
How severe is CVE-2013-1461?
CVE-2013-1461 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1461?
Check the references section above for vendor advisories and patch information. Affected products include: Miniupnp Project Miniupnpd.