Cogent DataHub < 7.3.4 Malformed POST Request Buffer Overflow RCE
Severity: High
Nessus Plugin ID: 72486
Synopsis
The remote host is running an application that is affected by a remote code execution vulnerability.
Description
The remote host is running a version of Cogent DataHub, formerly known as Cascade DataHub and OFC DataHub, that is prior to 7.3.4. It is, therefore, affected by a remote code execution vulnerability that is triggered when handling malformed POST query strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code in the context of the DataHub process.
Solution
Upgrade to Cogent DataHub version 7.3.4 or later.