Trihedral VTScada 6.5.x < 9.1.20 / 10.x < 10.2.22 / 11.x < 11.1.09 HTTP Server DoS
Severity: High
Nessus Plugin ID: 84587

Synopsis
An application running on the remote host is affected by a denial of service vulnerability.

Description
The version of Trihedral Engineering VTScada installed on the remote host is prior to 9.1.20, 10.x prior to 10.2.22, or 11.x prior to 11.1.09. It is, therefore, affected by a denial of service vulnerability due to an integer overflow condition in the included HTTP server. A remote, unauthenticated attacker, using a crafted packet containing a small negative content length, can exploit this issue to trigger a large memory allocation, resulting in a server crash.

Solution
Upgrade to Trihedral Engineering VTScada version 9.1.20 / 10.2.22 / 11.1.09 or later.
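
The description above names a negative content length that ends up as a large memory allocation. The following added example is not VTScada's code and not part of the plugin text; it is a generic illustration of one common way that happens (a signed parse used as a size) next to a Content-Length parser that rejects such values. The function names and the 8 MiB cap are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed cap on request bodies; choose one that suits the service. */
#define MAX_BODY_BYTES ((size_t)(8u * 1024u * 1024u))

/* Naive pattern: a signed parse whose result is used as an allocation
 * size. A small negative header value converts to a size near SIZE_MAX. */
size_t naive_body_size(const char *value)
{
    long n = strtol(value, NULL, 10);
    return (size_t)n;
}

/* Hardened parse: digits only, no sign, no trailing junk, bounded.
 * Returns 0 and stores the length on success, -1 on any rejection. */
int parse_content_length(const char *value, size_t *out)
{
    const char *p = value;
    char *end = NULL;
    unsigned long long n;

    while (*p == ' ' || *p == '\t')        /* optional leading whitespace */
        p++;
    if (!isdigit((unsigned char)*p))       /* rejects "-1", "+5" and "" */
        return -1;

    errno = 0;
    n = strtoull(p, &end, 10);
    if (errno == ERANGE)                   /* value does not fit at all */
        return -1;
    while (*end == ' ' || *end == '\t')    /* optional trailing whitespace */
        end++;
    if (*end != '\0')                      /* rejects "12abc" */
        return -1;
    if (n > MAX_BODY_BYTES)                /* bound before any allocation */
        return -1;

    *out = (size_t)n;
    return 0;
}
```

A server using the hardened parser would answer a rejected header with an error response before allocating any buffer for the body.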