CVE-2008-3688 - sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of s

CVE-2008-3688

Summary

sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.

References

https://sourceforge.net/mailarchive/message.php?msg_name=487CDF51.5060201%40endian.com
http://www.server-side.de/index.htm
http://secunia.com/advisories/31971
http://www.gentoo.org/security/en/glsa/glsa-200809-11.xml
http://www.securitytracker.com/id?1020900
http://www.securityfocus.com/bid/30697
http://secunia.com/advisories/31494
https://exchange.xforce.ibmcloud.com/vulnerabilities/44467

Vulnerable Configurations

cpe:2.3:a:havp:http_antivirus_proxy:0.88:*:*:*:*:*:*:*
cpe:2.3:a:havp:http_antivirus_proxy:0.88:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 08-02-2024 - 23:44)
Impact:
Exploitability:

CWE

CWE-908

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	30697
confirm	http://www.server-side.de/index.htm
gentoo	GLSA-200809-11
mlist	[havp-devel] 20080715 Infinite loop which causes havp to block completely
sectrack	1020900
secunia	31494 31971
xf	havp-sockethandler-dos(44467)

Last major update

08-02-2024 - 23:44

Published

14-08-2008 - 22:41

Last modified

08-02-2024 - 23:44