Lucene search
GoogleOSV:CVE-2018-16789HistoryMar 21, 2019 - 4:00 p.m.
CVE-2018-16789
2019-03-2116:00:22
Google
osv.dev
7
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shellinabox | eq | 2.17 | |
| shellinabox | eq | 2.14 | |
| shellinabox | eq | 2.15-rc2 | |
| shellinabox | eq | 2.16 | |
| shellinabox | eq | 2.20 | |
| shellinabox | eq | 2.18 | |
| shellinabox | eq | 2.15 | |
| shellinabox | eq | 2.19 | |
| shellinabox | eq | 2.12 | |
| shellinabox | eq | 2.11 |
Related
ubuntucve
ubuntucve
CVE-2018-16789
2019-03-21 00:00:00
nvd
nvd
CVE-2018-16789
2019-03-21 16:00:22
cvelist
cvelist
CVE-2018-16789
2019-03-17 18:36:51
prion
prion
Design/Logic Flaw
2019-03-21 16:00:00
cve
cve
CVE-2018-16789
2019-03-21 16:00:22
zdt
zdt
Shell In A Box 2.2.0 Denial Of Service Exploit
2018-10-28 00:00:00
debiancve
debiancve
CVE-2018-16789
2019-03-21 16:00:22
packetstorm
packetstorm
Shell In A Box 2.2.0 Denial Of Service
2018-10-27 00:00:00