CVE-2009-0751

Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/33979	Vendor Advisory
http://secunia.com/advisories/34239
http://www.debian.org/security/2009/dsa-1740
http://www.openwall.com/lists/oss-security/2009/02/19/1
http://www.securityfocus.com/bid/33834
http://www.vupen.com/english/advisories/2009/0590
http://yaws.hyber.org/	Vendor Advisory
https://www.exploit-db.com/exploits/8148

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:yaws:yaws::::::::
	cpe:2.3:a:yaws:yaws:1.50:::::::*
	cpe:2.3:a:yaws:yaws:1.51:::::::*
	cpe:2.3:a:yaws:yaws:1.52:::::::*
	cpe:2.3:a:yaws:yaws:1.53:::::::*
	cpe:2.3:a:yaws:yaws:1.54:::::::*
	cpe:2.3:a:yaws:yaws:1.55:::::::*
	cpe:2.3:a:yaws:yaws:1.56:::::::*
	cpe:2.3:a:yaws:yaws:1.57:::::::*
	cpe:2.3:a:yaws:yaws:1.58:::::::*
	cpe:2.3:a:yaws:yaws:1.61:::::::*
	cpe:2.3:a:yaws:yaws:1.62:::::::*
	cpe:2.3:a:yaws:yaws:1.63:::::::*
	cpe:2.3:a:yaws:yaws:1.64:::::::*
	cpe:2.3:a:yaws:yaws:1.65:::::::*
	cpe:2.3:a:yaws:yaws:1.66:::::::*
	cpe:2.3:a:yaws:yaws:1.67:::::::*
	cpe:2.3:a:yaws:yaws:1.68:::::::*
	cpe:2.3:a:yaws:yaws:1.70:::::::*
	cpe:2.3:a:yaws:yaws:1.71:::::::*
	cpe:2.3:a:yaws:yaws:1.72:::::::*
	cpe:2.3:a:yaws:yaws:1.73:::::::*
	cpe:2.3:a:yaws:yaws:1.74:::::::*
	cpe:2.3:a:yaws:yaws:1.75:::::::*
	cpe:2.3:a:yaws:yaws:1.76:::::::*
	cpe:2.3:a:yaws:yaws:1.77:::::::*
	cpe:2.3:a:yaws:yaws:1.78:::::::*

History

No history.

Information

Published : 2009-03-02 22:30

Updated : 2017-09-29 01:34

NVD link : CVE-2009-0751

Mitre link : CVE-2009-0751

CVE.ORG link : CVE-2009-0751

JSON object : View

Products Affected

yaws

yaws

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2009-0751", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-03-02T22:30:00.250", "references": [{"url": "http://secunia.com/advisories/33979", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34239", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2009/dsa-1740", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2009/02/19/1", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/33834", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/0590", "source": "cve@mitre.org"}, {"url": "http://yaws.hyber.org/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/8148", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers."}, {"lang": "es", "value": "Vulnerabilidad en el servidor web Yaws en sus versiones anteriores a v1.30 que permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de la memoria y ca\u00edda del servicio) a trav\u00e9s de peticiones con un gran n\u00famero de cabeceras."}], "lastModified": "2017-09-29T01:34:00.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yaws:yaws:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C46DD252-6005-4E5A-9D11-F3FBF6410453", "versionEndIncluding": "1.79"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "992B1D73-29BD-454E-B1A7-62B812D186C3"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "684FE8BF-66B0-4135-958F-E5198DF7CA6D"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.52:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AE18953-7DF2-4E14-9368-F51AE9B300B8"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "399F854C-C07E-42A8-B7E6-EED32DD4061E"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEC2C7DD-C87D-4FB5-B3E9-E6BE55D1CDAE"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAE09563-F7F2-4EE2-B97C-AF75F1884C39"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB429B9B-D2E9-4AAA-9EB6-CA9DBC82D64C"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBA1F732-E68A-4922-8B5B-D023E96EE21A"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1839141-82D5-4E88-8F28-EB26E97F1A0E"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.61:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62B3E003-B9F6-4793-BA89-1F3E13B91B7A"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.62:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1828466-3EAA-4B40-946A-B6400177155B"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.63:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C2DF037-3854-48AE-BBF7-087ADE80ED2E"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F394C56-A5C1-4616-B0B0-0EEC3AA0C864"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.65:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42D1FC96-87A6-4C42-BDED-79DD462DD47A"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.66:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC1335E6-D02B-403C-9878-FED0095874AF"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.67:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5E253A0-BDC9-480B-8C2B-FE9C33F12F84"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.68:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09CFB1DE-D860-438C-A9E7-A7372154925F"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.70:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE02B9FE-300B-4191-B623-0883BD69DE22"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.71:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C55AF6B3-800C-4E80-8D2D-EF164C108004"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.72:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "206F051E-15E7-4CFD-A17A-47BBA4DB7D75"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.73:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "704FF671-C530-4000-9C15-B6CDB73EBE0D"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.74:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF5EBB06-F40A-4349-A6D8-6E43E64473CB"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.75:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "150881D1-84FC-4522-978D-FDE49297FE14"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.76:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E60B04D6-6CA3-4D79-AFD3-B6426158A93F"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3ABEC8B-A76C-497C-9743-D9F5EE485657"}, {"criteria": "cpe:2.3:a:yaws:yaws:1.78:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D82781B6-6A56-4CBB-B620-D2FB3AB60558"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}