exploitDog

CVE-2024-8062

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 7.5

CVSS3: 7.5

EPSS Низкий

Описание

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controlled server that hangs, causing the application to block and become unresponsive to other requests.

Ссылки

https://huntr.com/bounties/a04190d9-4acb-449a-9a7f-f1bf6be1ed23
Exploit
Third Party Advisory
https://huntr.com/bounties/a04190d9-4acb-449a-9a7f-f1bf6be1ed23
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:h2o:h2o:3.46.0:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00101

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-1088

Связанные уязвимости

GHSA-5c8j-g96x-cj78

CVSS3: 7.5

github

11 месяцев назад

H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request

EPSS

Процентиль: 29%

0.00101

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-1088