Title: MediaHouse Statistics Server "Server ID" Buffer Overflow Vulnerability
Severity: MODERATE
Description:
The web interface for Statistics Server contains an unchecked buffer that accepts input from the "Server ID" field of the login webpage. The login webpage restricts the field to 16 characters, but the restriction exists only in the page's HTML and is easily circumvented by editing the HTML to remove it. Entering a string of more than 3773 characters will crash the server. This bug could potentially be used to remotely execute arbitrary code.
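The server-side length check that the description says is missing, as an added example that is not MediaHouse's code. It assumes a URL-encoded login body and a hypothetical field name `server_id`, and treats the form's 16-character limit as the intended maximum; the function name and return codes are also assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumptions: the page gives the 16-character form limit but not the real
   field name or request format; both are hypothetical here. */
#define SERVER_ID_MAX 16
#define FIELD_NAME "server_id"

/* Copies the Server ID value from a URL-encoded body into out.
   Returns 0 on success, -1 if missing/empty, -2 if longer than the limit. */
int extract_server_id(const char *body, char *out, size_t out_size)
{
    const size_t name_len = strlen(FIELD_NAME);
    const char *p = body;

    if (out_size < SERVER_ID_MAX + 1)
        return -1;
    out[0] = '\0';
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t pair_len = end ? (size_t)(end - p) : strlen(p);

        if (pair_len > name_len && strncmp(p, FIELD_NAME, name_len) == 0
            && p[name_len] == '=') {
            size_t val_len = pair_len - name_len - 1; /* raw, undecoded length */
            if (val_len == 0) return -1;
            if (val_len > SERVER_ID_MAX)
                return -2;              /* reject; do not copy or truncate */
            memcpy(out, p + name_len + 1, val_len);
            out[val_len] = '\0';
            return 0;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    char id[SERVER_ID_MAX + 1], big[4100] = "user=a&" FIELD_NAME "=";
    size_t n = strlen(big);
    memset(big + n, 'A', 4000);         /* constructed oversized value */
    big[n + 4000] = '\0';
    printf("%d\n", extract_server_id("server_id=STATS01&pw=x", id, sizeof id));
    printf("%d\n", extract_server_id(big, id, sizeof id));
    return 0;
}
```

The length is compared before any copy, so an oversized value is refused regardless of what the HTML form allowed.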
Affected Products:
- MediaHouse Software Statistics Server 4.28.0
- MediaHouse Software Statistics Server 5.1.0
References:
- MediaHouse Software Inc.: Statistics Server by MediaHouse Software Inc.
- Per Bergehed: Security flaw in Mediahouse Statistics Server 4.28 & 5.0