Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two vulnerabilities in Micrium uc-HTTP’s HTTP server that could cause denial-of-service conditions. An attacker could trigger these vulnerabilities by targeting the user machine with specially crafted HTTP requests. The uC-HTTP server implementation is designed to be used on embedded systems running the µC/OS II or µC/OS III RTOS kernels. This HTTP server supports many features, including persistent connections, form processing, chunked transfer encoding, HTTP header fields processing, HTTP query string processing and dynamic content.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Micrium to disclose these vulnerabilities and ensure that an update is available.
Vulnerability details
Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability (TALOS-2020-1193/CVE-2020-13582)
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability (TALOS-2020-1194/CVE-2020-13583)
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
Versions tested
Talos tested and confirmed that these vulnerabilities affect Micrium uC-HTTP, version 3.01.00.
Coverage
The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 56199