| ID |
CVE-2019-6256
|
| Summary |
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:live555:live555_media_server:0.93:*:*:*:*:*:*:*
cpe:2.3:a:live555:live555_media_server:0.93:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 24-08-2020 - 17:37) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-755 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bugtraq | 20190317 [SECURITY] [DSA 4408-1] liblivemedia security update | | debian | DSA-4408 | | gentoo | GLSA-202005-06 | | misc | https://github.com/rgaufman/live555/issues/19 | | mlist | [debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update |
|
| Last major update |
24-08-2020 - 17:37 |
| Published |
14-01-2019 - 08:29 |
| Last modified |
24-08-2020 - 17:37 |
