Lucene search
JpcertCVELIST:CVE-2016-4864HistoryMay 12, 2017 - 6:00 p.m.
CVE-2016-4864
2017-05-1218:00:00
jpcert
www.cve.org
7
EPSS
0.001
Percentile
49.6%
H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.
CNA Affected
[
{
"product": "H2O",
"vendor": "Kazuho Oku",
"versions": [
{
"status": "affected",
"version": "versions 2.0.3 and earlier"
},
{
"status": "affected",
"version": "versions 2.1.0-beta2 and earlier"
}
]
}
]Related
openvas
openvas
H2O HTTP Server < 2.0.4, 2.1.x < 2.1.0-beta3 Format String Vulnerability
2016-09-15 00:00:00
H2O HTTP Server < 2.0.4 DoS Vulnerability
2018-02-27 00:00:00
jvn
jvn
JVN#94779084: H2O use of externally-controlled format string
2016-09-15 00:00:00
nvd
nvd
CVE-2016-4864
2017-05-12 18:29:00
nessus
nessus
freebsd
freebsd
h2o -- fix DoS attack vector
2016-06-09 00:00:00
osv
osv
CVE-2016-4864
2017-05-12 18:29:00
debiancve
debiancve
CVE-2016-4864
2017-05-12 18:29:00
cve
cve
CVE-2016-4864
2017-05-12 18:29:00
prion
prion
Format string
2017-05-12 18:29:00