{
"id": 826,
"title": "The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request",
"type": "bug",
"description": "The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.",
"cwe": "CWE-119",
"cve": "CVE-2019-7232",
"keywords": "",
"system": "",
"vendor": null,
"severity": {
"rvss-score": 0,
"rvss-vector": "",
"severity-description": "",
"cvss-score": 5.8,
"cvss-vector": "CVSS:3.0/AV:A/AC:L/Au:N/C:P/I:P/A:P"
},
"links": [
"http://packetstormsecurity.com/files/153403/ABB-IDAL-HTTP-Server-Stack-Based-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2019/Jun/40",
"http://www.securityfocus.com/bid/108886",
"https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch",
"https://www.darkmatter.ae/xen1thlabs/published-advisories/",
"https://github.com/aliasrobotics/RVD/issues/826"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2019-06-24",
"reported-by": "cve@mitre.org",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/826",
"reproducibility": "",
"trace": "",
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": ""
}
}