Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2002-1
HistoryFeb 19, 2010 - 12:00 a.m.

polipo - denial of service

2010-02-1900:00:00
Google
osv.dev
13

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Several denial of service vulnerabilities have been discovered in polipo, a
small, caching web proxy. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CVE-2009-3305
    A malicous remote sever could cause polipo to crash by sending an
    invalid Cache-Control header.
  • CVE-2009-4143
    A malicous client could cause polipo to crash by sending a large
    Content-Length value.

This upgrade also fixes some other bugs that could lead to a daemon crash
or an infinite loop and may be triggerable remotely.

For the stable distribution (lenny), these problems have been fixed in
version 1.0.4-1+lenny1.

For the testing distribution (squeeze) and the unstable distribution (sid),
these problems have been fixed in version 1.0.4-3.

We recommend that you upgrade your polipo packages.

CPENameOperatorVersion
polipoeq1.0.4-1

Related

debian 4
nessus 13
openvas 20
securityvulns 5
prion 3
ubuntucve 3
cve 3
debiancve 2
seebug 1
osv 1
ubuntu 1
freebsd 1
slackware 1
gentoo 1
threatpost 1
debian
debian
[SECURITY] [DSA-2002-1] New polipo packages fix denial of service
2010-02-19 15:36:51
[SECURITY] [DSA-2002-1] New polipo packages fix denial of service
2010-02-19 15:36:51
[SECURITY] [DSA-2001-1] New php5 packages fix multiple vulnerabilities
2010-02-19 14:56:46
nessus
nessus
Debian DSA-2002-1 : polipo - denial of service
2010-02-24 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2010:045)
2010-02-24 00:00:00
Debian DSA-2001-1 : php5 - multiple vulnerabilities
2010-02-24 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2002-1)
2023-03-08 00:00:00
Polipo Malformed HTTP GET Request Memory Corruption Vulnerability
2009-12-08 00:00:00
Polipo Malformed HTTP GET Request Memory Corruption Vulnerability
2009-12-08 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA-2002-1] New polipo packages fix denial of service
2010-02-22 00:00:00
polipo proxy server DoS
2010-02-22 00:00:00
PHP multiple security vulnerabilities
2010-01-08 00:00:00
prion
prion
Integer overflow
2009-12-24 16:30:00
Cross site request forgery (csrf)
2009-12-24 16:30:00
Memory corruption
2009-12-21 16:30:00
ubuntucve
ubuntucve
CVE-2009-4413
2009-12-24 00:00:00
CVE-2009-3305
2009-12-24 00:00:00
CVE-2009-4143
2009-12-21 00:00:00
cve
cve
CVE-2009-4413
2009-12-24 16:30:00
CVE-2009-3305
2009-12-24 16:30:00
CVE-2009-4143
2009-12-21 16:30:00
debiancve
debiancve
CVE-2009-4413
2009-12-24 16:30:00
CVE-2009-3305
2009-12-24 16:30:00
seebug
seebug
PHP session.save_path()ๅ‡ฝๆ•ฐไปปๆ„ๅ‘ฝไปคๆ‰ง่กŒๆผๆดž
2010-02-20 00:00:00
osv
osv
php5 - multiple vulnerabilities
2010-02-19 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2010-01-13 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2009-12-17 00:00:00
slackware
slackware
[slackware-security] php
2010-01-25 05:20:07
gentoo
gentoo
PHP: Multiple vulnerabilities
2010-01-05 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for OSV:DSA-2002-1
debian4nessus13openvas20securityvulns5prion3ubuntucve3cve3debiancve2seebug1osv1ubuntu1freebsd1slackware1gentoo1threatpost1