PT-2022-15947 · Softing · Softing Secure Integration Server

Pedro Ribeiro +1 · Published 2022-08-17 · Updated 2022-08-23 · CVE-2022-2335

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Softing Secure Integration Server version V1.22

Description

A denial-of-service condition can be created in the software by sending a crafted HTTP packet whose Content-Length header is set to -1. This issue affects the Softing Secure Integration Server and allows an attacker to potentially disrupt service.

Recommendations

For Softing Secure Integration Server version V1.22, consider restricting access to the HTTP endpoint to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the handling of HTTP packets with negative Content-Length headers may help mitigate the issue.
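
The following C function is an added example, not Softing's code (this entry does not describe the server's internals). It shows strict Content-Length parsing that rejects a value such as -1 before it reaches any size arithmetic. The names `parse_content_length` and `naive_size_from` and the `MAX_BODY_BYTES` limit are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical body-size limit for this example; not a Softing setting. */
#define MAX_BODY_BYTES ((uint64_t)(16u * 1024u * 1024u))

enum cl_status { CL_OK = 0, CL_MALFORMED = -1, CL_TOO_LARGE = -2 };

/*
 * Parse a Content-Length field value as 1*DIGIT (RFC 9110).
 * Signs, empty values, trailing garbage and oversize values are rejected,
 * so "-1" never reaches size arithmetic as a negative int or as SIZE_MAX.
 */
enum cl_status parse_content_length(const char *value, size_t *out)
{
    uint64_t n = 0;
    size_t digits = 0;

    while (*value == ' ' || *value == '\t')   /* leading optional whitespace */
        value++;

    for (; isdigit((unsigned char)*value); value++, digits++) {
        n = n * 10 + (uint64_t)(*value - '0');
        if (n > MAX_BODY_BYTES)               /* bail out long before n can wrap */
            return CL_TOO_LARGE;
    }

    while (*value == ' ' || *value == '\t')   /* trailing optional whitespace */
        value++;

    if (digits == 0 || *value != '\0')        /* "-1", "+5", "", "12abc" land here */
        return CL_MALFORMED;

    *out = (size_t)n;
    return CL_OK;
}

/* For contrast: a signed parse result cast straight to an unsigned size. */
size_t naive_size_from(long parsed)
{
    return (size_t)parsed;                    /* -1 becomes SIZE_MAX */
}
```

A request whose header fails this check should be answered with 400 Bad Request and the connection closed, rather than passed on to body handling.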

Fix

Integer Underflow

Weakness Enumeration

Related Identifiers

CVE-2022-2335
ZDI-22-1160

Affected Products

Softing Secure Integration Server