CVE-2011-3501

Cogent DataHub <= 7.1.1.63 - Denial of Service via Content-Length Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3501. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit targets an integer overflow vulnerability in Cogent DataHub's custom web server. By sending a crafted HTTP request with a Content-Length of -1 (or 4294967295), the server allocates a zero-byte buffer, leading to a denial-of-service condition.

Description

Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value.

Exploits (1)

exploitdb WORKING POC

by Luigi Auriemma · textdoswindows

https://www.exploit-db.com/exploits/17839

View Code ZIP pw:eip

This exploit targets an integer overflow vulnerability in Cogent DataHub's custom web server. By sending a crafted HTTP request with a Content-Length of -1 (or 4294967295), the server allocates a zero-byte buffer, leading to a denial-of-service condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Cogent DataHub <= 7.1.1.63

No auth needed

Prerequisites: network access to the target server on port 80

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://aluigi.altervista.org/adv/cogent_3-adv.txt

US Government Resource x_refsource_misc

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf

Scores

EPSS 0.0302

EPSS Percentile 85.7%

Details

CWE

CWE-189

Status published

Products (5)

cogentdatahub/cogent_datahub 7.0

cogentdatahub/cogent_datahub 7.0.2

cogentdatahub/cogent_datahub 7.1.0

cogentdatahub/cogent_datahub 7.1.1

cogentdatahub/cogent_datahub 7.1.1.63

Published Sep 16, 2011

Tracked Since Feb 18, 2026