PT-2007-3537 · Neatupload · Neatupload Asp.Net

Published: 2007-04-24 · Updated: 2018-10-16 · CVE-2007-2197

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

NeatUpload ASP.NET component versions 1.1.18 through 1.1.23
NeatUpload ASP.NET component versions 1.2.11 through 1.2.16
NeatUpload ASP.NET component versions trunk.379 through trunk.445

Description

The issue is related to a race condition that allows remote attackers to obtain other clients' HTTP responses. This occurs when multiple simultaneous requests trigger multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object, causing a buffer to be reused for a different request.

Recommendations

For NeatUpload ASP.NET component versions 1.1.18 through 1.1.23, consider restricting simultaneous requests to prevent the race condition.
For NeatUpload ASP.NET component versions 1.2.11 through 1.2.16, consider implementing a synchronization mechanism to prevent multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object.
For NeatUpload ASP.NET component versions trunk.379 through trunk.445, consider disabling the affected component until a fix is available.


Related identifiers

CVE-2007-2197

Affected products

Neatupload Asp.Net