Описание
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.
Ссылки
- ExploitPatchThird Party AdvisoryVDB Entry
- ExploitMailing ListPatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party AdvisoryVDB Entry
- ExploitMailing ListPatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
Связанные уязвимости
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.
libhttp/url.c in shellinabox through 2.20 has an implementation flaw i ...
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.
EPSS
7.5 High
CVSS3
7.8 High
CVSS2