Check Point Advisories

Update Protection against openwsman HTTP Basic Authentication Buffer Overflow

Check Point Reference: CPAI-2008-235
Date Published: 14 Nov 2008
Severity: High
Last Updated: Tuesday 01 January, 2008
Source: Secunia Advisory: SA31410
Industry Reference: CVE-2008-2234
Protection Provided by:
Who is Vulnerable? openwsman 1.x, openwsman 2.x
Vulnerability Description: A buffer overflow vulnerability was reported in Openwsman, an implementation of the Web Services Management (WS-Management) specification that is used in the VMware Management Service Console. The vulnerability is due to improper bounds checking of HTTP authorization headers. Remote unauthenticated attackers could exploit this vulnerability by sending HTTP requests with overly long header values. Successful exploitation would result in execution of arbitrary code or a denial of service condition.
Vulnerability Status: The vulnerability has been publicly disclosed.
Vulnerability Details: In order for a remote attack to be successful, the attacker needs to have access to the service console network.

Protection Overview
