Lucene search
K

271 matches found

Prion
Prion
added 2020/02/19 7:15 p.m.14 views

Heap overflow

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability...

7.5CVSS6.6AI score0.05116EPSS
Exploits1References6Affected Software4
Prion
Prion
added 2020/02/19 7:15 p.m.17 views

Design/Logic Flaw

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability...

5CVSS5.8AI score0.06102EPSS
Exploits1References6Affected Software4
Debian CVE
Debian CVE
added 2020/02/19 6:27 p.m.27 views

CVE-2020-6061

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability...

9.8CVSS6.9AI score0.05116EPSS
Exploits1
CVE
CVE
added 2020/02/19 6:27 p.m.126 views

CVE-2020-6061

CVE-2020-6061 affects coturn (CoTURN) web server: a crafted HTTP POST request can trigger a heap out-of-bounds read in the server when parsing POST data, leading to information leaks and misbehavior. The vulnerability is associated with CoTURN 4.5.1.1 and was fixed in updated package releases acr...

9.8CVSS9AI score0.05116EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2020/02/19 6:27 p.m.25 views

CVE-2020-6061

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability...

7CVSS9.2AI score0.05116EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2020/02/19 6:25 p.m.23 views

CVE-2020-6062

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability...

7.5CVSS6.2AI score0.06102EPSS
Exploits1
CVE
CVE
added 2020/02/19 6:25 p.m.170 views

CVE-2020-6062

CVE-2020-6062 affects coturn’s web server POST handling, where a crafted HTTP POST request can trigger a server crash and denial of service. The connected advisories confirm the same issue across multiple distributions and show the root cause as improper handling of POST requests. Affected produc...

7.5CVSS8.2AI score0.06102EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2020/02/19 6:25 p.m.29 views

CVE-2020-6062

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability...

5.9CVSS8.3AI score0.06102EPSS
Exploits1References6
Talos Blog
Talos Blog
added 2020/02/18 9:7 a.m.47 views

Vulnerability Spotlight: Memory corruption, DoS vulnerabilities in CoTURN

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. CoTURN contains denial-of-service and memory corruption vulnerabilities in the way its web server parses POST requests. CoTURN is a TURN server implementation that can be used as a general- purpose network traff...

7.5CVSS0.3AI score0.06102EPSS
Exploits2
Talos
Talos
added 2020/02/18 12:0 a.m.68 views

CoTURN HTTP Server POST-parsing denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. Tested Versions...

7.5CVSS7.4AI score0.06102EPSS
Exploits1
Talos
Talos
added 2020/02/18 12:0 a.m.56 views

CoTURN HTTP Server POST-parsing information leak vulnerability

Summary An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. Teste...

9.8CVSS8.3AI score0.05116EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2019/08/20 12:0 a.m.9 views

The vulnerability of the coTURN server function, related to an error in the encoding of registration data, allows a hacker to gain access to the server under the authority of the administrator.

The vulnerability of the coTURN server function is related to an error in the encoding of registration data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the server through the telnet port under the authority of the administrator...

10CVSS5.5AI score0.01897EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/04/25 12:0 a.m.8 views

The vulnerability of the coTURN server, related to configuration errors, allows attackers to compromise data integrity.

The vulnerability of the coTURN server is related to a configuration error that causes external traffic to be redirected to the backend interface of its own host. Exploiting this vulnerability allows an attacker to compromise the integrity of data...

7.7CVSS7.1AI score0.00935EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2019/03/21 4:0 p.m.8 views

CVE-2018-4059

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuratio...

9.8CVSS9.6AI score
Exploits0References1
NVD
NVD
added 2019/03/21 4:0 p.m.17 views

CVE-2018-4059

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuratio...

10CVSS8.1AI score0.01897EPSS
Exploits0References1
OSV
OSV
added 2019/03/21 4:0 p.m.11 views

CVE-2018-4058

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...

7.7CVSS9.3AI score
Exploits0References1
OSV
OSV
added 2019/03/21 4:0 p.m.2 views

DEBIAN-CVE-2018-4059

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuratio...

9.8CVSS7.8AI score0.01897EPSS
Exploits0References1
NVD
NVD
added 2019/03/21 4:0 p.m.13 views

CVE-2018-4058

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...

7.7CVSS7.5AI score0.00935EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/03/21 4:0 p.m.28 views

CVE-2018-4059

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuratio...

10CVSS6.9AI score0.01897EPSS
Exploits0References2
OSV
OSV
added 2019/03/21 4:0 p.m.4 views

UBUNTU-CVE-2018-4059

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuratio...

9.8CVSS7AI score0.01897EPSS
Exploits0References3
Rows per page
Query Builder