Advanced Core Operating System (ACOS) HTTP Requests URI Processing Buffer Overflow Vulnerability


Description   Quantum Leap has reported a vulnerability in Advanced Core Operating System (ACOS), which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by an error in the handling of URIs within HTTP requests, which can be exploited to cause a buffer overflow by sending a specially crafted HTTP request containing an overly long URI.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 2.7.1-P1_55.
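
The defensive pattern for this class of bug, as an added example (not ACOS code and not part of the original advisory): a request-line parser that checks the URI length before copying it and answers 414 instead of overflowing. The function name, status constants and the 2048-byte URI_MAX limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define URI_MAX 2048  /* assumed policy limit, not a value from the advisory */

enum { URI_OK = 0, URI_BAD_REQUEST = 400, URI_TOO_LONG = 414 };

/* Copy the request-target of "METHOD SP URI SP VERSION" into out.
 * req need not be NUL-terminated: req_len bounds every read, and
 * out_cap bounds the single write. out is untouched unless URI_OK. */
int parse_request_uri(const char *req, size_t req_len,
                      char *out, size_t out_cap)
{
    if (req == NULL || out == NULL || out_cap == 0)
        return URI_BAD_REQUEST;

    /* Only the first line (the request line) is examined. */
    const char *eol = memchr(req, '\n', req_len);
    size_t line_len = eol ? (size_t)(eol - req) : req_len;

    const char *sp1 = memchr(req, ' ', line_len);
    if (sp1 == NULL || sp1 == req)
        return URI_BAD_REQUEST;              /* missing method */

    const char *uri = sp1 + 1;
    size_t rest = line_len - (size_t)(uri - req);

    const char *sp2 = memchr(uri, ' ', rest);
    if (sp2 == NULL)                         /* no version field seen */
        return rest > URI_MAX ? URI_TOO_LONG : URI_BAD_REQUEST;
    if (sp2 == uri)
        return URI_BAD_REQUEST;              /* empty URI */

    size_t uri_len = (size_t)(sp2 - uri);

    /* Length check comes before the copy; the terminator needs one byte. */
    if (uri_len > URI_MAX || uri_len >= out_cap)
        return URI_TOO_LONG;

    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return URI_OK;
}
```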
     
Vulnerable Products   Vulnerable OS:
Advanced Core Operating System (ACOS) 2.x
Vulnerable Software:
     
Solution   Update to version 2.7.1-P1_55 or 2.8.0.
     
CVE  
     
References   Quantum Leap:
http://www.quantumleap.it/a10-networks-remote-buffer-overflow-softax/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm: Possible buffer overflow on URL
Available Since: 3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2014-04-02 

 Target Type 
Server 

 Possible exploit 
Remote