PT-2007-3537 · Neatupload · Neatupload Asp.Net

Published: 2007-04-24 · Updated: 2018-10-16 · CVE-2007-2197

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

NeatUpload ASP.NET component versions 1.1.18 through 1.1.23

NeatUpload ASP.NET component versions 1.2.11 through 1.2.16

NeatUpload ASP.NET component versions trunk.379 through trunk.445

Description

The issue is related to a race condition that allows remote attackers to obtain other clients' HTTP responses. This occurs when multiple simultaneous requests trigger multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object, causing a buffer to be reused for a different request.

Recommendations

For NeatUpload ASP.NET component versions 1.1.18 through 1.1.23, consider restricting simultaneous requests to prevent the race condition.

For NeatUpload ASP.NET component versions 1.2.11 through 1.2.16, consider implementing a synchronization mechanism to prevent multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object.

For NeatUpload ASP.NET component versions trunk.379 through trunk.445, consider disabling the affected component until a fix is available.
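
One shape the synchronization mechanism named in the recommendations could take, as an added example (not NeatUpload's code or its actual fix): a per-request gate that serializes flushes and drops any call made after the final flush. `FlushGate` and `Demo` are hypothetical names, and the delegate stands in for `HttpWorkerRequest.FlushResponse`.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Added example: FlushGate is a hypothetical helper, not NeatUpload or System.Web code.
// It serializes flushes for ONE request and suppresses any flush after the final one.
public sealed class FlushGate
{
    private readonly object _sync = new object();
    private readonly Action<bool> _flush; // stands in for HttpWorkerRequest.FlushResponse(bool)
    private bool _finalFlushDone;

    public FlushGate(Action<bool> flush)
    {
        _flush = flush ?? throw new ArgumentNullException(nameof(flush));
    }

    // Returns true if the flush was forwarded, false if it was suppressed.
    public bool Flush(bool finalFlush)
    {
        lock (_sync)
        {
            if (_finalFlushDone) return false;      // response already completed
            if (finalFlush) _finalFlushDone = true; // set first so a re-entrant call is rejected too
            _flush(finalFlush);
            return true;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        int finalFlushes = 0;
        // Constructed stand-in for the underlying worker request: counts final flushes.
        var gate = new FlushGate(final => { if (final) Interlocked.Increment(ref finalFlushes); });

        // Eight concurrent callers all attempt the final flush for the same request.
        Parallel.For(0, 8, _ => gate.Flush(true));

        Console.WriteLine("final flushes forwarded: " + finalFlushes);
    }
}
```

The gate must be created once per request object and shared by every code path that can flush it; a gate per caller provides no protection.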

Fix


Related Identifiers

CVE-2007-2197

Affected Products

Neatupload Asp.Net