Two separate issues cause a buffer overflow in the built-in web server that may allow a remote attacker to initiate a DoS attack and execute arbitrary code.
An integer overflow causes unexpected memory allocation that can lead to a buffer overflow.
A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
A weak cryptographic algorithm with predictable variables may allow sensitive information to be revealed.
An attacker can access sensitive information and usernames via the built-in web service without proper authorization.
Sensitive information is transmitted over some web applications in clear text.
Weak password requirements may allow an attacker to gain access by using brute force.
Sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.
The web service may become temporarily unavailable if an attacker is able to overload the system to cause the service to crash.
Upgrade to the latest versions of the affected software.
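The integer overflow item above, as an added example that is not from the advisory or the vendor's code: a buffer size computed from two request-supplied 32-bit values wraps around, and the checked form rejects it before anything is allocated. The function names, the `count`/`item_len` fields and the `MAX_BODY` limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY (64u * 1024u)  /* assumed upper bound for one request body */

/* Unchecked form: the 32-bit product wraps modulo 2^32, so the result can
 * be far smaller than the data a caller later copies into the buffer. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t item_len)
{
    return count * item_len;
}

/* Checked form: returns 0 and sets *out on success, -1 if either value is
 * zero, the product would wrap, or the product exceeds MAX_BODY. */
int checked_alloc_size(uint32_t count, uint32_t item_len, uint32_t *out)
{
    if (count == 0 || item_len == 0)
        return -1;
    if (count > UINT32_MAX / item_len)  /* product would overflow */
        return -1;
    uint32_t total = count * item_len;
    if (total > MAX_BODY)
        return -1;
    *out = total;
    return 0;
}

/* Copies count items of item_len bytes from src into a fresh buffer.
 * src_len is the number of bytes actually received. Returns NULL when the
 * declared size is invalid or larger than the received data. */
uint8_t *copy_items(const uint8_t *src, size_t src_len,
                    uint32_t count, uint32_t item_len)
{
    uint32_t total;
    if (checked_alloc_size(count, item_len, &total) != 0)
        return NULL;
    if ((size_t)total > src_len)
        return NULL;
    uint8_t *buf = malloc(total);
    if (buf != NULL)
        memcpy(buf, src, total);
    return buf;  /* caller frees */
}
```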