Описание
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| pound | fixed | 2.8-2 | package | |
| pound | fixed | 2.7-1.3+deb9u1 | stretch | package |
| pound | fixed | 2.6-6+deb8u2 | jessie | package |
Примечания
https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html
The exact scope of CVE-2018-21245 (a related issue to CVE-2016-10711) was
as well fixed with the same changes as done upstream for 2.8. The backport
for 2.7 was a backport of all security relevant changes between 2.7 and 2.8.
The same corrections were made in 2.6 version for jessie so fixed in that too.
EPSS
Процентиль: 52%
0.00287
Низкий
Связанные уязвимости
CVSS3: 9.1
ubuntu
больше 5 лет назад
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.
CVSS3: 9.1
nvd
больше 5 лет назад
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.
github
больше 3 лет назад
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.
EPSS
Процентиль: 52%
0.00287
Низкий