PT-2012-5931 · At32 · At32 Reverse Proxy

Published

2012-10-08

Updated

2017-08-29

CVE-2012-5332

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions at32 Reverse Proxy version 1.060.310

Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, by sending a long string in an HTTP header field. This can be achieved using the If-Unmodified-Since field.

Recommendations For version 1.060.310, consider restricting the length of strings allowed in HTTP header fields to prevent the denial of service. As a temporary workaround, restrict access to the If-Unmodified-Since field until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2012-5332

Affected Products

At32 Reverse Proxy

PT-2012-5931 · At32 · At32 Reverse Proxy

CVE-2012-5332

Related Identifiers

Affected Products

References · 5