Описание
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.
EPSS
Процентиль: 71%
0.00655
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-121
Связанные уязвимости
CVSS3: 9.8
github
около 2 месяцев назад
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.
EPSS
Процентиль: 71%
0.00655
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-121