CVE-2008-5284

IEA Software RadiusNT/RadX <5.1.44 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5284. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit triggers a denial-of-service vulnerability in multiple IEA Software products by sending a malformed HTTP POST request with an excessively large Content-Length value (2147483647). The vulnerability causes the affected application to crash due to improper handling of the request.

Description

The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textdosmultiple

https://www.exploit-db.com/exploits/31128

View Code ZIP pw:eip

This exploit triggers a denial-of-service vulnerability in multiple IEA Software products by sending a malformed HTTP POST request with an excessively large Content-Length value (2147483647). The vulnerability causes the affected application to crash due to improper handling of the request.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: IEA Software (Emerald 5.0.49 and prior, RadiusNT and RadiusX 5.1.38 and prior, Radius test client 4.0.20 and prior, Air Marshal 2.0.4 and prior)

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →