Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers
Posted by deepcore on February 17, 2016 – 8:21 am
Remote unauthenticated attackers can read arbitrary data from other HTTP sessions because Ignition uses a vulnerable Jetty server. When the Jetty web server receives an HTTP request, the below code is used to parse through the HTTP headers and their associated values. Inductive Automation Ignition versions 7.8.1 (b2016012216) and 7.8.0 (b2015101414) are affected.