Summary
NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input.
Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks.
NaviCOPA Web Server 3.01 is vulnerable
other versions may also
be affected.
Solution
The vendor reports that NaviCOPA 3.01, with a release date of February 6, 2009, addresses this issue. Contact the vendor for details.
References
Severity
Classification
-
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
- IIS IDA/IDQ Path Disclosure
- IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
- IOServer Trailing Backslash Multiple Directory Traversal Vulnerabilities
- Acritum Femitter Server URI Directory Traversal Vulnerability