Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:CTS:ELOG-PROJ-DOS
Severity	Minor
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	ELOG Project ELOG show_uploader_json NULL Pointer Dereference Denial of Service
Release Date	2020/01/17
Update Number	3245
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: ELOG Project ELOG show_uploader_json NULL Pointer Dereference Denial of Service

This signature detects attempts to exploit a known vulnerability against ELOG Project. A successful attack can result in a denial-of-service condition.

Extended Description

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request.

Affected Products

Elog_project elog 3.1.4-57bea22

References

CVE: CVE-2020-8859
CVE: CVE-2019-3995
URL: https://www.tenable.com/security/research/tra-2019-53
URL: https://bitbucket.org/ritt/elog/src/32ba07e19241e0bcc68aaa640833424fb3001956/src/elogd.c?at=master

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: ELOG Project ELOG show_uploader_json NULL Pointer Dereference Denial of Service

Extended Description

Affected Products

References