CVE-2019-16279

Опубликовано: 14 окт. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Критический

Описание

A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.

Ссылки

http://www.nazgul.ch/dev/nostromo_cl.txt
Release Notes
Third Party Advisory
https://git.sp0re.sh/sp0re/Nhttpd-exploits
Exploit
Third Party Advisory
https://sp0re.sh
Not Applicable
http://www.nazgul.ch/dev/nostromo_cl.txt
Release Notes
Third Party Advisory
https://git.sp0re.sh/sp0re/Nhttpd-exploits
Exploit
Third Party Advisory
https://sp0re.sh
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nazgul:nostromo_nhttpd:*:*:*:*:*:*:*:*

Версия до 1.9.6 (включая)

EPSS

Процентиль: 100%

0.90223

Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2019-16279

CVSS3: 7.5

debian

больше 6 лет назад

A memory error in the function SSL_accept in nostromo nhttpd through 1 ...

GHSA-2x32-mwgm-xpr7

CVSS3: 7.5

github

больше 3 лет назад

Directory Traversal in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.

EPSS

Процентиль: 100%

0.90223

Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22