History: Dec 08, 2009 - 6:30 p.m.

CVE-2009-3586

2009-12-08 18:30:00
CWE-189
web.nvd.nist.gov
cve-2009-3586
corehttp
buffer overflow
denial of service
remote attackers
http request
code execution
vulnerability

CVSS2: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 8 High (Confidence: Low)

EPSS: 0.053 Low (Percentile: 93.1%)

Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2007-4060.

Affected configurations

NVD
Node
frank_yaul corehttp Match 0.5.3.1
