Lucene search

FreeBSDA7080C30-91A2-11DC-B2EB-00B0D07E6C7E

HistoryNov 05, 2007 - 12:00 a.m.

mt-daapd -- denial of service vulnerability

2007-11-0500:00:00

vuxml.freebsd.org

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.04 Low

EPSS

Percentile

92.0%

JSON

US-CERT reports:

webserver.c in mt-dappd in Firefly Media Server 0.2.4 and
earlier allows remote attackers to cause a denial of service
(NULL dereference and daemon crash) via a stats method action
to /xml-rpc with (1) an empty Authorization header line, which
triggers a crash in the ws_decodepassword function; or (2) a
header line without a ‘:’ character, which triggers a crash
in the ws_getheaders function.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmt-daapd< 0.2.4.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	mt-daapd	< 0.2.4.1	UNKNOWN

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.04 Low

EPSS

Percentile

92.0%

JSON

Related for A7080C30-91A2-11DC-B2EB-00B0D07E6C7E