PT-2013-3147 · Miniupnp · Miniupnpd

Hd Moore

Published

2013-01-31

Updated

2015-10-08

CVE-2013-1461

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions MiniUPnPd version 1.0

Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and service crash. This is achieved by sending a SOAPAction header that lacks a # (pound sign) character.

Recommendations For MiniUPnPd version 1.0, as a temporary workaround, consider restricting access to the SOAPAction handler in the HTTP service until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2013-1461

Affected Products

Miniupnpd

PT-2013-3147 · Miniupnp · Miniupnpd

CVE-2013-1461

Related Identifiers

Affected Products

References · 4