Lucene search

K

[email protected]CVE-2015-1382

HistoryFeb 03, 2015 - 4:59 p.m.

CVE-2015-1382

2015-02-0316:59:00

CWE-20

[email protected]

web.nvd.nist.gov

36

privoxy

denial of service

remote attack

http

cve-2015-1382

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.032 Low

EPSS

Percentile

91.1%

parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq7.0
privoxy:privoxyprivoxyle3.0.22
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

References

ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup

ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298

lists.opensuse.org/opensuse-updates/2015-02/msg00031.html

secunia.com/advisories/62775

secunia.com/advisories/62899

www.debian.org/security/2015/dsa-3145

www.openwall.com/lists/oss-security/2015/01/26/4

www.openwall.com/lists/oss-security/2015/01/27/20

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.032 Low

EPSS

Percentile

91.1%

Related for CVE-2015-1382

ubuntucve1 prion1 debiancve1 debian3 nessus5 openvas3 osv2 securityvulns2 freebsd1 archlinux1