CVE-2004-2035 - MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GE

CVE-2004-2035

Summary

MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GET or HEAD request without the proper number of trailing CRLF sequences.

References

http://lists.netsys.com/pipermail/full-disclosure/2004-May/021980.html
http://marc.info/?l=bugtraq&m=108563992129877&w=2
http://secunia.com/advisories/11715
http://sourceforge.net/project/shownotes.php?release_id=241158
http://www.autistici.org/fdonato/advisory/MiniShare1.3.2-adv.txt
http://www.osvdb.org/6432
http://www.securityfocus.com/bid/10417
https://exchange.xforce.ibmcloud.com/vulnerabilities/16260

Vulnerable Configurations

cpe:2.3:a:minishare:minimal_http_server:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:minishare:minimal_http_server:1.3.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	10417
bugtraq	20040527 DoS in MiniShare 1.3.2
confirm	http://sourceforge.net/project/shownotes.php?release_id=241158
fulldisc	20040527 DoS in MiniShare 1.3.2
misc	http://www.autistici.org/fdonato/advisory/MiniShare1.3.2-adv.txt
osvdb	6432
secunia	11715
xf	minishare-get-head-dos(16260)

Last major update

11-07-2017 - 01:31

Published

26-05-2004 - 04:00

Last modified

11-07-2017 - 01:31