Summary
This host is running Optima PLC APIFTP Server and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation may allow remote attackers to cause the application to crash, creating a denial of service condition.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
Multiple errors in the APIFTP Server (APIFTPServer.exe) when handling certain specially crafted packets sent to TCP port 10260 and be exploited to cause a NULL pointer dereference or an infinite loop.
Affected
Optima PLC APIFTP version 2.14.6 and prior
References
Severity
Classification
-
CVE CVE-2012-5048, CVE-2012-5049 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Foxit Reader Multiple Denial of Service Vulnerabilities - Jun09
- Avaya IP Office Manager TFTP Denial of Service Vulnerability
- Firefox XSL Parsing Vulnerability (Win)
- Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Linux)