CVSS2: 1.9 Low
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.0004 Low
Percentile: 5.1%

Florian Weimer of the Red Hat Product Security Team reports:
Due to a missing check during assembly of the HTTP request line, a long
target server name in the PROXY-CONNECT address can cause a stack buffer
overrun. Exploitation requires that the attacker is able to provide the
target server name to the PROXY-CONNECT address in the command line.
This can happen, for example, in scripts that receive data from untrusted
sources.
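
The kind of check the report says was missing, as an added example that is not code from the affected project: a request line is assembled into a fixed stack buffer with a bounded write, and an over-long target name is rejected instead of truncated or overrun. The function names, the 512-byte buffer size and the exact "CONNECT host:port HTTP/1.0" layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REQ_MAX 512   /* assumed size of the on-stack request buffer */

/* Assemble "CONNECT host:port HTTP/1.0\r\n" into out[outlen].
 * Returns the number of bytes written (excluding the NUL),
 * or -1 if the full line would not fit. */
int build_connect_line(char *out, size_t outlen,
                       const char *host, const char *port)
{
    /* An unbounded sprintf()/strcpy() here is the failure mode the report
     * describes: host comes from the command line and has no length limit,
     * so it can run past the end of a stack buffer. */
    int n = snprintf(out, outlen, "CONNECT %s:%s HTTP/1.0\r\n", host, port);

    /* snprintf returns the length it WANTED to write; n >= outlen means
     * truncation. Treat that as an error, never send a cut-off request. */
    if (n < 0 || (size_t)n >= outlen) {
        if (outlen > 0)
            out[0] = '\0';
        return -1;
    }
    return n;
}

/* Hypothetical caller: the buffer lives on the stack, as in the report. */
int proxy_connect_request(const char *host, const char *port)
{
    char req[REQ_MAX];
    int n = build_connect_line(req, sizeof req, host, port);
    if (n < 0) {
        fprintf(stderr, "proxy: target server name too long, refusing\n");
        return -1;
    }
    /* ... req would be written to the proxy socket here ... */
    return n;
}

int main(void)
{
    char longname[2048];                       /* constructed sample input */
    memset(longname, 'a', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("normal: %d\n", proxy_connect_request("example.org", "443"));
    printf("long:   %d\n", proxy_connect_request(longname, "443"));
    return 0;
}
```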