1. CVE-Search
  2. CVE-2009-0751
ID CVE-2009-0751
Summary Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.
References
Vulnerable Configurations
  • cpe:2.3:a:yaws:yaws:1.50:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.50:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.51:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.51:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.52:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.52:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.53:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.53:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.54:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.54:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.55:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.55:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.56:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.56:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.57:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.57:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.58:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.58:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.61:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.61:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.62:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.62:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.63:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.63:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.64:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.64:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.65:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.65:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.66:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.66:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.67:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.67:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.68:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.68:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.70:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.70:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.71:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.71:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.72:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.72:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.73:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.73:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.74:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.74:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.75:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.75:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.76:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.76:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.77:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.77:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:1.78:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:1.78:*:*:*:*:*:*:*
  • cpe:2.3:a:yaws:yaws:*:*:*:*:*:*:*:*
    cpe:2.3:a:yaws:yaws:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-09-2017 - 01:34)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 33834
confirm http://yaws.hyber.org/
debian DSA-1740
exploit-db 8148
mlist [oss-security] 20090219 CVE request for yaws
secunia
  • 33979
  • 34239
vupen ADV-2009-0590
Last major update 29-09-2017 - 01:34
Published 02-03-2009 - 22:30
Last modified 29-09-2017 - 01:34
Back to Top