[email protected]CVE-2015-1380

HistoryFeb 03, 2015 - 4:59 p.m.

CVE-2015-1380

2015-02-0316:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-1380

privoxy

denial of service

remote attack

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.3%

JSON

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.

CPENameOperatorVersion
privoxy:privoxyprivoxyle3.0.22
oracle:solarisoracle solariseq11.2
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
privoxy:privoxy	privoxy	le	3.0.22
oracle:solaris	oracle solaris	eq	11.2
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2

References

ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup

ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433&r2=1.434

lists.opensuse.org/opensuse-updates/2015-02/msg00031.html

secunia.com/advisories/62899

www.openwall.com/lists/oss-security/2015/01/26/4

www.openwall.com/lists/oss-security/2015/01/27/20

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.securityfocus.com/bid/72355

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.3%

JSON

Related for CVE-2015-1380

ubuntucve1 debiancve1 prion1 archlinux1 nessus3 freebsd1