CVE-2011-0488

Name of the Vulnerable Software and Affected Versions InduSoft NTWebServer versions 6.1 through 7.0

Description The issue is a stack-based buffer overflow in NTWebServer.exe, which can be exploited by sending a long request to TCP port 80. This can cause a denial of service, resulting in a daemon crash, or potentially allow the execution of arbitrary code.

Recommendations For InduSoft NTWebServer versions 6.1 through 7.0, consider restricting access to TCP port 80 until a patch is available. As a temporary workaround, limiting the length of requests to the test web service may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.