CVE-2011-4883

atvise webMI2ADS < 2.0.2 - Denial of Service via HTTP Request Validation Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4883. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in atvise webMI2ADS, including directory traversal, NULL pointer dereference, remote shutdown, and resource consumption via crafted HTTP requests. It provides functional commands using external tools (mydown, udpsz) to trigger these issues.

Description

The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textdoswindows

https://www.exploit-db.com/exploits/17963

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in atvise webMI2ADS, including directory traversal, NULL pointer dereference, remote shutdown, and resource consumption via crafted HTTP requests. It provides functional commands using external tools (mydown, udpsz) to trigger these issues.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: atvise webMI2ADS <= 1.0

No auth needed

Prerequisites: Network access to the target server · External tools (mydown, udpsz)

MITRE ATT&CK

T1006 - Direct Volume Access T1499 - Endpoint Denial of Service T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

US Government Resource x_refsource_misc

http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf

Scores

EPSS 0.0316

EPSS Percentile 86.3%

Details

CWE

CWE-20

Status published

Products (3)

atvise/webmi2ads 1.0

atvise/webmi2ads 2.0

atvise/webmi2ads < 2.0.1

Published Apr 13, 2012

Tracked Since Feb 18, 2026