Skip to main content

Cogent Datahub CVE-2014-3788

HIGH
Buffer Overflow (CWE-119)
2014-05-22 cve@mitre.org
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
May 22, 2014 - 23:55 cve.org
HIGH 7.5

DescriptionCVE.org

Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.

AnalysisAI

Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request. Affected products include: Cogentdatahub Cogent Datahub. Version information: before 7.3.5.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2014-3789 HIGH POC
7.5 May 22

GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary

CVE-2013-0680 HIGH POC
7.5 Apr 05

Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub befor

CVE-2016-2288 HIGH POC
7.8 Mar 29

Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file

CVE-2014-2352 HIGH
7.8 May 30

The directory specifier can include designators that can be used to traverse the directory path. Rated high severity (CV

CVE-2013-0682 HIGH
7.5 Apr 05

Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Window

CVE-2014-2353 HIGH
7.1 May 30

Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web

CVE-2013-0683 HIGH
7.1 Apr 05

The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub befor

CVE-2014-2354 MEDIUM
6.0 May 30

Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent att

CVE-2012-0310 MEDIUM
5.8 Jan 13

CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.

CVE-2013-0681 MEDIUM
5.0 Apr 05

Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Window

CVE-2012-0309 MEDIUM
4.3 Jan 13

Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OP

Share

CVE-2014-3788 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy