CVE-2007-0838 - FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop)

CVE-2007-0838

Summary

FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself. <a href="http://cwe.mitre.org/data/definitions/835.html">CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')</a>

References

Vulnerable Configurations

cpe:2.3:a:freeproxy:freeproxy:3.92:*:*:*:*:*:*:*
cpe:2.3:a:freeproxy:freeproxy:3.92:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	22445
bugtraq	20070206 Medium level security hole in FreeProxy
confirm	http://www.handcraftedsoftware.org/index.php?page=3&mode=article&k=60
fulldisc	20070206 Medium level security hole in FreeProxy
osvdb	33116
secunia	24064
vupen	ADV-2007-0514
xf	freeproxy-hostname-portnumber-dos(32303)

Last major update

29-07-2017 - 01:30

Published

08-02-2007 - 00:28

Last modified

29-07-2017 - 01:30