2 matches found
CVE-2018-16789
CVE-2018-16789 affects shellinabox up to version 2.20, where libhttp/url.c contains a flaw in HTTP request parsing. A crafted multipart/form-data request can cause shellinaboxd to enter an infinite loop, exhausting CPU resources and potentially taking the service down. The available documents des...
CVE-2015-8400
Shell In A Box (shellinabox) prior to version 2.19 contains an HTTPS fallback mechanism that allows DNS rebinding attacks via the /plain URL. The vulnerability is triggered when the client can revert HTTPS requests to HTTP, enabling remote attackers to exploit DNS rebinding. Public references in ...