CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
80.3%
When pavuk sends a request to a web server and the server
sends back the HTTP status code 305 (Use Proxy), pavuk
copies data from the HTTP Location header in an unsafe
manner. This leads to a stack-based buffer overflow with
control over EIP.