Lucene search

[email protected]CVE-2009-3586

HistoryDec 08, 2009 - 6:30 p.m.

CVE-2009-3586

2009-12-0818:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2009-3586

corehttp

buffer overflow

denial of service

remote attackers

http request

code execution

vulnerability

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.2%

JSON

Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2007-4060.

CPENameOperatorVersion
frank_yaul:corehttpfrank yaul corehttpeq0.5.3.1

CPE	Name	Operator	Version
frank_yaul:corehttp	frank yaul corehttp	eq	0.5.3.1

References

census-labs.com/media/corex.txt

census-labs.com/news/2009/12/02/corehttp-web-server/

www.securityfocus.com/archive/1/508272/100/0/threaded

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2009-3586

seebug1 exploitpack1 prion2 securityvulns2 exploitdb1 packetstorm1 openvas2 cve1