VYPR

IDAL HTTP Server

by Abb

CVEs (3)

  • CVE-2019-7232Jun 24, 2019
    risk 0.01cvss epss 0.52

    The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047…

  • CVE-2019-7226Jun 27, 2019
    risk 0.00cvss epss 0.05

    The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with…

  • CVE-2019-7228Jun 27, 2019
    risk 0.00cvss epss 0.04

    The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.