Vulnerability Description
Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miniupnp Project | Miniupnpd | 1.0 |
Related Weaknesses (CWE)
References
- https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in
- https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityF
- https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
- https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in
- https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityF
- https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
FAQ
What is CVE-2013-1462?
CVE-2013-1462 is a vulnerability with a CVSS score of 7.8 (HIGH). Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memor...
How severe is CVE-2013-1462?
CVE-2013-1462 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1462?
Check the references section above for vendor advisories and patch information. Affected products include: Miniupnp Project Miniupnpd.