Lucene search

[email protected]NVD:CVE-2012-6570

HistoryJun 20, 2013 - 3:55 p.m.

CVE-2012-6570

2013-06-2015:55:00

CWE-119

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response.

Affected configurations

NVD

Node

huaweiar_18-1xRange≤r0130

huaweiar_18-2xRange≤r1712

huaweiar_18-3xRange≤r0118

huaweiar_19\/29\/49Range≤r2207

huaweiar_28\/46Range≤r0311

Node

huaweis2000Matchr6305

huaweis2300Matchr6305

huaweis2700Matchr6305

huaweis3000Matchr6305

huaweis3300Matchr6305

huaweis3300hiMatchr6305

huaweis3500Matchr6305

huaweis3700Matchr6305

huaweis3900Matchr6305

huaweis5100Matchr6305

huaweis5600Matchr6305

huaweis7800Matchr6305

huaweis8500Matchr1631

huaweis8500Matchr1632

References

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194361.htm

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for NVD:CVE-2012-6570

cvelist1 cve2 prion1 nvd1