CVE-2012-1465 : Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision befor

Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third party information.

Published 2012-03-19 19:55:04

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2012-1465

Netmechanica » Netdecision
Versions up to, including, (<=) 4.5.1
cpe:2.3:a:netmechanica:netdecision:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-1465

EPSS FAQ

83.63%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2012-1465

NetDecision NOCVision Server Directory Traversal

Disclosure Date: 2012-03-07

First seen: 2020-04-26

auxiliary/scanner/http/netdecision_traversal

This module exploits a directory traversal bug in NetDecision's TrafficGrapherServer.exe service. This is done by using "...\" in the path to retrieve a file on a vulnerable machine. Authors: - Luigi Auriemma - sinn3r <sinn3r@metasploit.com>

More information
NetDecision 4.5.1 HTTP Server Buffer Overflow

Disclosure Date: 2012-02-24

First seen: 2020-04-26

exploit/windows/http/netdecision_http_bof

This module exploits a vulnerability found in NetDecision's HTTP service (located in C:\Program Files\NetDecision\Bin\HttpSvr.exe). By supplying a long string of data to the URL, an overflow may occur if the data gets handled by HTTP Server's active window. In ot

More information

CVSS scores for CVE-2012-1465

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2012-1465

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-1465

http://www.netmechanica.com/news/?news_id=26

CVEs referencing this url
http://secpod.org/blog/?p=484

404 Not Found
Exploit
http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_Vuln.txt

404 Not Found
Exploit
http://www.securityfocus.com/bid/52194

NetDecision HTTP Server Stack-Based Buffer Overflow Vulnerability
Exploit
http://www.exploit-db.com/exploits/18541

Netmechanica NetDecision HTTP Server - Denial of Service - Windows dos Exploit
Exploit
http://osvdb.org/79651
https://exchange.xforce.ibmcloud.com/vulnerabilities/73528

NetDecision HTTP request denial of service CVE-2012-1465 Vulnerability Report
http://secunia.com/advisories/48168

Sign in
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/52208

NetDecision HTTP Server Long HTTP Request Remote Denial of Service Vulnerability
Exploit

Jump to

Vulnerability Details : CVE-2012-1465