Lucene search

[email protected]CVE-2004-2117

HistoryJan 24, 2004 - 5:00 a.m.

CVE-2004-2117

2004-01-2405:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

tiny server

1.1

remote attackers

denial of service

http requests

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.097 Low

EPSS

Percentile

94.7%

JSON

Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version.

CPENameOperatorVersion
tinyserver:tinyservertinyservereq1.1

CPE	Name	Operator	Version
tinyserver:tinyserver	tinyserver	eq	1.1

References

marc.info/?l=bugtraq&m=107496530806730&w=2

secunia.com/advisories/10707

www.autistici.org/fdonato/advisory/tinyServer1.1%5B1.0.5%5D-adv.txt

www.osvdb.org/3709

www.securityfocus.com/bid/9485

exchange.xforce.ibmcloud.com/vulnerabilities/14928

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.097 Low

EPSS

Percentile

94.7%

JSON