header-logo
Suggest Exploit
vendor:
LabVIEW
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: LabVIEW
Affected Version From: 6.0.1
Affected Version To: 6.1
Patch Exists: YES
Related CWE: N/A
CPE: a:national_instruments:labview
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Microsoft Windows
2002

LabVIEW Web Server Crash Vulnerability

A vulnerability has been reported in some versions of National Instruments LabVIEW for Linux and Microsoft Windows. LabVIEW includes an integrated HTTP server. If a malformed HTTP request is received, it is possible to crash the LabVIEW Web Server and LabVIEW itself. This condition occurs when an HTTP GET request is received and terminated with two new line characters, as opposed to the compliant carriage return / new line combination.

Mitigation:

Ensure that the LabVIEW Web Server is not exposed to untrusted networks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4577/info

A vulnerability has been reported in some versions of National Instruments LabVIEW for Linux and Microsoft Windows.

LabVIEW includes an integrated HTTP server. If a malformed HTTP request is received, it is possible to crash the LabVIEW Web Server and LabVIEW itself. This condition occurs when an HTTP GET request is received and terminated with two new line characters, as opposed to the compliant carriage return / new line combination.

GET\s/\sHTTP/1.0\n\n

Navigation

Suggest Exploit

Services By CQR