CVE-2010-2054

high
Description

Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information.

References

http://marc.info/?l=bugtraq&m=127549079109192&w=2

http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86

http://secunia.com/advisories/40018

http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784

http://www.vupen.com/english/advisories/2010/1312

Details

Source: MITRE

Published: 2010-06-15

Updated: 2010-06-15

Type: CWE-189

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89681 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check) | Nessus | Misc. | critical |
| 56665 | VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | Nessus | VMware ESX Local Security Checks | critical |
| 49152 | Fedora 13 : sblim-sfcb-1.3.8-1.fc13 (2010-10323) | Nessus | Fedora Local Security Checks | critical |
| 49104 | Fedora 12 : sblim-sfcb-1.3.8-1.fc12 (2010-12847) | Nessus | Fedora Local Security Checks | critical |
| 46802 | SBLIM-SFCB Multiple Buffer Overflows | Nessus | Web Servers | critical |