Lucene search
China National Vulnerability DatabaseCNVD-2022-88270HistorySep 28, 2022 - 12:00 a.m.
Rdiffweb Username Denial of Service Vulnerability
2022-09-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
rdiffweb
denial of service
vulnerability
username parameter
version 2.4.8
length validation
EPSS
0.001
Percentile
37.9%
Rdiffweb is a web application by the American personal developer Patrik Dufresne. A denial of service vulnerability exists in versions prior to Rdiffweb 2.4.8, which stems from a lack of length validation in the username parameter of rdiffweb-demo.ikus-soft.com/admin/users. An attacker could exploit the vulnerability to launch a denial of service attack by entering a long string.
Related
osv
osv
CVE-2022-3290
2022-09-26 19:15:11
rdiffweb's unlimited username field length can lead to DoS
2022-09-27 00:00:17
PYSEC-2022-292
2022-09-26 19:15:00
huntr
huntr
No Limit in length of username , results in memory consumption/DOS attack
2022-09-23 10:30:42
prion
prion
Input validation
2022-09-26 19:15:00
github
github
rdiffweb's unlimited username field length can lead to DoS
2022-09-27 00:00:17
veracode
veracode
Denial Of Service (DoS)
2022-09-26 06:51:46
cvelist
cvelist
cve
cve
CVE-2022-3290
2022-09-26 19:15:11
nvd
nvd
CVE-2022-3290
2022-09-26 19:15:11