Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-2891
HistoryNov 07, 2017 - 12:00 a.m.

CVE-2017-2891

2017-11-0700:00:00
ubuntu.com
ubuntu.com
8

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.4%

An exploitable use-after-free vulnerability exists in the HTTP server
implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with
a CGI target can cause a reuse of previously freed pointer potentially
resulting in remote code execution. An attacker needs to send this HTTP
request over the network to trigger this vulnerability.

Notes

Author Note
sbeattie mongoose is used on windows only to serve up content for chromecast

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.4%

Related for UB:CVE-2017-2891