NaviCOPA Web Server Remote Buffer Overflow And Source Code Information Disclosure Vulnerabilities Network Vulnerability

Summary

NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input. Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks. NaviCOPA Web Server 3.01 is vulnerable other versions may also be affected.

Solution

The vendor reports that NaviCOPA 3.01, with a release date of February 6, 2009, addresses this issue. Contact the vendor for details.

References

http://www.navicopa.com/
http://www.securityfocus.com/archive/1/500626
http://www.securityfocus.com/bid/33585

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

bozohttpd Security Bypass Vulnerability
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
IBM WebSphere Application Server Multiple CSRF Vulnerabilities

NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities

Take action and discover your vulnerabilities